d2d8ccf8f14e53ccba344821cda5dfbb_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d2d8ccf8f14e53ccba344821cda5dfbb_JaffaCakes118
Size

21KB
MD5

d2d8ccf8f14e53ccba344821cda5dfbb
SHA1

89357a9f3c1053ecfb3fa0e55b121848c59a11cc
SHA256

d977e9640adc0fc1f9e75145ed3f3e3c7962dfa7ccaf17c0751f8b6b9fe519ee
SHA512

0320f224c7994ca6c707ba9fab001b285bd509369e516ba6891a4f98ce9e2243dbabf7c4f75d615103ba8e12dd5ff511d280cef0dead0fced2abe5af6d806a13
SSDEEP

384:wzx22vlvKQknw8TQCXSsaSnZVNhJDbwOOM9LwgJnmDnVT9G3:wzx22NiQknwaQCXlnFXdwe4p9G3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d2d8ccf8f14e53ccba344821cda5dfbb_JaffaCakes118

Files

d2d8ccf8f14e53ccba344821cda5dfbb_JaffaCakes118
.dll windows:4 windows x86 arch:x86

cdfaa6f0b0b028050e687a53f4e153f1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wininet

InternetCloseHandle
InternetReadFile
InternetOpenUrlA
InternetOpenA

msvcrt

memcpy
_except_handler3
strrchr
strcpy
memset
strlen
strcat
strstr
strncpy
sprintf
free
malloc
atoi
strchr
strcmp
memcmp
rand
srand
time
fread
fclose
fseek
fopen
wcscmp
??3@YAXPAX@Z
??2@YAPAXI@Z
fwrite
__CxxFrameHandler
_mbscmp
__dllonexit
_onexit
??1type_info@@UAE@XZ

kernel32

HeapAlloc
GetProcessHeap
VirtualProtect
CloseHandle
WriteFile
SetFilePointer
CreateFileA
CompareStringA
GetModuleFileNameA
IsBadReadPtr
ReadFile
GetFileSize
OpenProcess
GetTickCount
GetSystemDirectoryA
lstrlenA
WideCharToMultiByte
MultiByteToWideChar
DeleteFileA
CreateThread
TerminateProcess
Sleep
FreeLibrary
FindClose
FindFirstFileA

user32

wsprintfA
wvsprintfA
DispatchMessageA
TranslateMessage
PeekMessageA
GetWindowTextA
GetWindowTextLengthA
GetForegroundWindow
FindWindowA
GetWindowThreadProcessId
KillTimer
GetDC

gdi32

GetDIBits
GetObjectA
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
GetDeviceCaps

mfc42

ord561
ord815
ord3663
ord3571
ord3626
ord640
ord2414
ord5785
ord1641
ord1640
ord323
ord2859
ord4129
ord2915
ord5710
ord800
ord858
ord924
ord4278
ord860
ord5683
ord6663
ord2764
ord540
ord537
ord1988
ord2393
ord5356
ord5204
ord690
ord3229
ord389
ord6657
ord665
ord1979
ord5442
ord5186
ord354
ord6881
ord1074
ord2818
ord939
ord941
ord4204

netapi32

Netbios

msvcp60

??0Init@ios_base@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z

gdiplus

GdipGetImageEncoders
GdipGetImageEncodersSize
GdipDisposeImage
GdipSaveImageToFile
GdipLoadImageFromFile
GdiplusStartup
GdipFree
GdipAlloc
GdipCloneImage

Sections

.data
Size: 17KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cdfaa6f0b0b028050e687a53f4e153f1

Headers

File Characteristics

Imports

wininet

msvcrt

kernel32

user32

gdi32

mfc42

netapi32

msvcp60

gdiplus

Sections

.data Size: 17KB - Virtual size: 24KB

.CRT Size: 512B - Virtual size: 16B

.reloc Size: 2KB - Virtual size: 1KB

.data
Size: 17KB - Virtual size: 24KB

.CRT
Size: 512B - Virtual size: 16B

.reloc
Size: 2KB - Virtual size: 1KB