d45fbe8bd6df1a448a8a1c8cafb8eb4b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d45fbe8bd6df1a448a8a1c8cafb8eb4b_JaffaCakes118
Size

723KB
MD5

d45fbe8bd6df1a448a8a1c8cafb8eb4b
SHA1

f2fc0f5dad8f9a110ef1ed12201df0b0872e90b3
SHA256

dc53a08723c0bdd8a95b1a0882b87ad1978b20ade0cc4cfff60f73540f56b744
SHA512

43b9ca2e1ab508f3aed3cb1c4fe3b26b1fc9e5a0826e01d95c408473403be4ab2632d8231e5b39c4b9c423c9be9ae4b599b4c92881fc8a5b7996bced4ab8f590
SSDEEP

12288:B8mufLg9KpSFakG3TzHLprP2W04m0OvjB7HV33KiZz3G:emlYpSA/TzHLprP2NvtV33KWz3G

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d45fbe8bd6df1a448a8a1c8cafb8eb4b_JaffaCakes118

Files

d45fbe8bd6df1a448a8a1c8cafb8eb4b_JaffaCakes118
.dll windows:6 windows x86 arch:x86

09e1609c01f9bcb000d5bd77ee322797

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalUnlock
DisableThreadLibraryCalls
CreateThread
GetModuleFileNameA
VirtualProtect
FreeLibraryAndExitThread
GetModuleHandleA
CreateToolhelp32Snapshot
Sleep
Process32Next
CloseHandle
Beep
GetProcAddress
VirtualQuery
GetCurrentProcess
K32GetModuleInformation
GlobalLock
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetModuleHandleW
CreateEventW
WaitForSingleObjectEx
GlobalAlloc
QueryPerformanceCounter
QueryPerformanceFrequency
FindClose
FindNextFileA
FindFirstFileA
GetTickCount64
MultiByteToWideChar
GetPrivateProfileStringA
CreateDirectoryA
ResetEvent
SetEvent
WritePrivateProfileStringA
GetTickCount
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetVolumeInformationA

user32

SetClipboardData
GetClipboardData
SetCursor
GetClientRect
CloseClipboard
GetKeyState
GetAsyncKeyState
CallWindowProcA
OpenClipboard
FindWindowA
SetWindowLongA
EmptyClipboard

advapi32

CryptDestroyHash
CryptAcquireContextA
CryptCreateHash
CryptHashData
GetCurrentHwProfileA
CryptGetHashParam
CryptReleaseContext

shell32

SHGetFolderPathA

msvcp140

??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?uncaught_exception@std@@YA_NXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?always_noconv@codecvt_base@std@@QBE_NXZ
??Bid@locale@std@@QAEIXZ
?_BADOFF@std@@3_JB
?_Xinvalid_argument@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Xbad_alloc@std@@YAXXZ

wininet

HttpOpenRequestA
InternetConnectA
InternetCheckConnectionA
InternetOpenA
HttpSendRequestA
InternetCloseHandle
InternetReadFile

urlmon

URLDownloadToFileA

imm32

ImmSetCompositionWindow
ImmGetContext

vcruntime140

__std_exception_copy
__vcrt_InitializeCriticalSectionEx
memset
_CxxThrowException
_except_handler4_common
__std_type_info_destroy_list
__std_exception_destroy
strchr
memchr
strstr
_purecall
memcpy
memmove
__std_terminate
__CxxFrameHandler3

api-ms-win-crt-utility-l1-1-0

srand
rand
qsort

api-ms-win-crt-math-l1-1-0

_CIatan2
_libm_sse2_acos_precise
_libm_sse2_cos_precise
_libm_sse2_exp_precise
_libm_sse2_pow_precise
_libm_sse2_sin_precise
fmaxf
_except1
_libm_sse2_sqrt_precise
ceil
floor
_CIfmod

api-ms-win-crt-runtime-l1-1-0

_invalid_parameter_noinfo_noreturn
_wassert
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_cexit
terminate
_initterm
_initterm_e
_errno
_invalid_parameter_noinfo

api-ms-win-crt-filesystem-l1-1-0

_unlock_file
_lock_file
remove

api-ms-win-crt-stdio-l1-1-0

fsetpos
ungetc
setvbuf
__stdio_common_vsprintf
fgetpos
__stdio_common_vsprintf_s
fgetc
_fseeki64
fputc
ftell
_get_stream_buffer_pointers
fopen
__acrt_iob_func
__stdio_common_vsscanf
fread
_wfopen
fflush
fclose
__stdio_common_vfprintf
fseek
fwrite

api-ms-win-crt-convert-l1-1-0

atof
atoi
strtol

api-ms-win-crt-string-l1-1-0

strncpy
towlower
isprint
isspace
_stricmp

api-ms-win-crt-heap-l1-1-0

malloc
_callnewh
free

Sections

.text
Size: 617KB - Virtual size: 616KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 78KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 475KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

09e1609c01f9bcb000d5bd77ee322797

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

msvcp140

wininet

urlmon

imm32

vcruntime140

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

Sections

.text Size: 617KB - Virtual size: 616KB

.rdata Size: 78KB - Virtual size: 78KB

.data Size: 3KB - Virtual size: 475KB

.gfids Size: 512B - Virtual size: 80B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 21KB - Virtual size: 21KB

.text
Size: 617KB - Virtual size: 616KB

.rdata
Size: 78KB - Virtual size: 78KB

.data
Size: 3KB - Virtual size: 475KB

.gfids
Size: 512B - Virtual size: 80B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 21KB - Virtual size: 21KB