d9d32a464969a29be3eb279f06a46713_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

d9d32a464969a29be3eb279f06a46713_JaffaCakes118
Size

132KB
MD5

d9d32a464969a29be3eb279f06a46713
SHA1

d882c6bbc45dd450868f7492654e36005e3cdf11
SHA256

b2a4b57ce556c994d28f9f96c42c87f20d9a81b548e8e023de73beb2b5ff7584
SHA512

a14de4c35e64cfa50c52132a4bf4cd9cfd52415f0184fe64514b36280301ef2adfca333d9d51a85b99b72f83f92af9f23f74f6492f4913657104ed9339febdf1
SSDEEP

3072:cazhf//EL6mCvWVPsfUD0xEYDsBTBfCqHGdWlrTl+Tg:thHsRCvW1saYQBTBqgGIsg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d9d32a464969a29be3eb279f06a46713_JaffaCakes118

Files

d9d32a464969a29be3eb279f06a46713_JaffaCakes118
.dll windows:4 windows x86 arch:x86

ee7307ab7f408b9dff50099296b87e33

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntdll

_snprintf
_strnicmp
strlen
strstr
_stricmp
memcmp
atoi
_itoa
memcpy
_ultoa
tolower
memset
_chkstk
_allmul
_alldiv

msvcrt

strtok

ws2_32

WSASocketW
listen
WSASend
WSAGetLastError
WSAWaitForMultipleEvents
WSAIoctl
setsockopt
bind
closesocket
WSARecv
WSACreateEvent
WSAGetOverlappedResult
ntohl
WSASetLastError
getsockname
ntohs
shutdown
WSAStartup

wininet

InternetSetOptionA
InternetCloseHandle
HttpAddRequestHeadersA
HttpOpenRequestA
HttpSendRequestA
HttpQueryInfoA
InternetOpenA
InternetOpenUrlA
InternetReadFile
InternetConnectA

oleaut32

SysAllocString
SysFreeString

shlwapi

PathFileExistsA

kernel32

WaitForMultipleObjects
GetVolumeInformationA
GetWindowsDirectoryA
GetFileTime
FindClose
RemoveDirectoryA
TransactNamedPipe
HeapSetInformation
HeapCreate
FindFirstFileA
HeapDestroy
HeapFree
WaitNamedPipeA
FindNextFileA
SetNamedPipeHandleState
HeapAlloc
GetSystemDirectoryA
GetVersionExA
FreeLibrary
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
OpenFileMappingA
ExitProcess
GetFileAttributesExA
SetFileAttributesA
CreateDirectoryA
TlsSetValue
TlsGetValue
TlsAlloc
InterlockedExchange
CreateEventA
ProcessIdToSessionId
Process32Next
Process32First
WriteProcessMemory
VirtualAllocEx
Thread32Next
GetModuleHandleA
Thread32First
CreateToolhelp32Snapshot
InterlockedIncrement
InterlockedDecrement
GetCurrentThreadId
GetProcAddress
CloseHandle
OpenThread
GetCurrentProcessId
GetFileSize
lstrcpyA
ReadFile
GetModuleFileNameA
GetModuleFileNameW
InitializeCriticalSection
ResetEvent
lstrcatA
GetLocalTime
WaitForSingleObject
OpenMutexA
InterlockedCompareExchange
lstrlenA
CreateMutexA
SetEvent
TerminateThread
Sleep
OutputDebugStringA
DuplicateHandle
GetExitCodeThread
FlushFileBuffers
ReleaseMutex
OpenEventA
SetUnhandledExceptionFilter
LeaveCriticalSection
GetCurrentThread
VirtualFree
GetLastError
GetFileInformationByHandle
SystemTimeToFileTime
lstrcmpiA
GetSystemTime
GetCurrentProcess
WriteFile
EnterCriticalSection
CreateFileA
CreateThread
VirtualFreeEx
DisconnectNamedPipe
CreateNamedPipeA
ConnectNamedPipe
PeekNamedPipe
GetTempPathA
lstrcmpA
SetFilePointer
GetTickCount
SetEndOfFile
GetSystemDefaultLangID
GetTempFileNameA
DeleteCriticalSection
VirtualProtect
FlushInstructionCache
VirtualQuery
VirtualAlloc
SuspendThread
ResumeThread
GetThreadContext
SetThreadContext
SetLastError
lstrcmpW
MultiByteToWideChar
DeleteFileA
CreateProcessA
GetFileAttributesA
LoadLibraryA
CreateRemoteThread
OpenProcess

user32

SetForegroundWindow
ShowWindow
PeekMessageA
WaitForInputIdle
MsgWaitForMultipleObjects
GetSystemMetrics
wsprintfA
DispatchMessageA

advapi32

OpenSCManagerA
CloseServiceHandle
OpenServiceA
ControlService
ChangeServiceConfigA
RegDeleteKeyA
RegQueryValueExA
RegCreateKeyExA
RegQueryInfoKeyA
RegEnumKeyExA
RegSetValueExA
RegCloseKey
RegOpenKeyExA

shell32

ShellExecuteA
SHGetFolderPathA

ole32

CoUninitialize
CoInitializeEx
CoCreateInstance

Exports

Exports

DllGetClassObject
EventStartup

Sections

.text
Size: 88KB - Virtual size: 86KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ee7307ab7f408b9dff50099296b87e33

Headers

File Characteristics

Imports

ntdll

msvcrt

ws2_32

wininet

oleaut32

shlwapi

kernel32

user32

advapi32

shell32

ole32

Exports

Exports

Sections

.text Size: 88KB - Virtual size: 86KB

.rdata Size: 28KB - Virtual size: 25KB

.data Size: 4KB - Virtual size: 5KB

.reloc Size: 8KB - Virtual size: 6KB

.text
Size: 88KB - Virtual size: 86KB

.rdata
Size: 28KB - Virtual size: 25KB

.data
Size: 4KB - Virtual size: 5KB

.reloc
Size: 8KB - Virtual size: 6KB