dccbb5aa8d91cf44aedec19dbf89d7c1_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

dccbb5aa8d91cf44aedec19dbf89d7c1_JaffaCakes118
Size

131KB
MD5

dccbb5aa8d91cf44aedec19dbf89d7c1
SHA1

d555509261eae3f66abb73d565b209eb6b11a8e3
SHA256

a444ed2401df9347eac87104624d16f184aa8433380ee459c7a335744b023a3f
SHA512

0c1b0a0f165b81abff50505b86d21adb7b8bdd37592bf250d9786498d5042a8145206cf96576f401452c7d4dca3aaa7c8e43b48d08b4b9d7901081386ef04118
SSDEEP

3072:jXmCVovJhD87nXA6b2cZIDzbWUic3pKA:V2Jh8Fb2cZIDzbWI0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dccbb5aa8d91cf44aedec19dbf89d7c1_JaffaCakes118

Files

dccbb5aa8d91cf44aedec19dbf89d7c1_JaffaCakes118
.dll windows:4 windows x86 arch:x86

67b4ddd6b3130266dcd67b64e70263e3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetLogicalDrives
GetComputerNameA
LoadLibraryA
SetUnhandledExceptionFilter
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetFileSize
FindClose
GetEnvironmentVariableA
LocalFree
LocalAlloc
GetSystemTimeAsFileTime
DeleteCriticalSection
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GetFileTime
ReadFile
GetFullPathNameA
GetTempPathA
FileTimeToSystemTime
SystemTimeToFileTime
GetTimeZoneInformation
GetLocalTime
GetSystemTime
GetTickCount
QueryPerformanceCounter
TerminateProcess
GetModuleFileNameA
GetCurrentThreadId
SetThreadPriority
WinExec
ReleaseSemaphore
ResumeThread
SetThreadContext
GetThreadContext
VirtualAllocEx
CreateProcessA
FreeLibrary
GetProcAddress
GetVersion
GetDriveTypeA
lstrlenA
MoveFileExA
CopyFileA
GetExitCodeProcess
PeekNamedPipe
GetStartupInfoA
CreatePipe
SetFilePointer
lstrcpyA
lstrcpynA
CreateDirectoryA
RemoveDirectoryA
DisableThreadLibraryCalls
ExitProcess
IsBadReadPtr
lstrcatA
lstrcpynW
lstrlenW
CreateMutexA
OpenMutexA
GetModuleHandleA
SetFileTime
ExitThread
CreateToolhelp32Snapshot
Process32Next
Process32First
HeapAlloc
GetProcessHeap
CreateRemoteThread
VirtualProtectEx
OpenProcess
GetVolumeInformationA
FindFirstFileA
FindNextFileA
CreateSemaphoreA
InterlockedDecrement
InterlockedIncrement
OutputDebugStringA
SetEvent
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
CreateMutexW
WaitForSingleObject
GetCurrentThread
TerminateThread
GetSystemDirectoryA
GetTempFileNameA
DeleteFileA
MoveFileA
CreateEventA
GetLastError
Sleep
lstrcmpiA
VirtualProtect
GetCurrentProcess
WriteProcessMemory
GetFileAttributesA
VirtualQuery
VirtualFree
VirtualAlloc
CreateFileA
WriteFile
CreateThread
CloseHandle

user32

wsprintfA
MessageBoxA
GetSystemMetrics
wvsprintfA

advapi32

RegNotifyChangeKeyValue
ConvertStringSecurityDescriptorToSecurityDescriptorA
RegCreateKeyExA
RegEnumValueA
RegDeleteValueA
LookupPrivilegeValueA
AdjustTokenPrivileges
RegSetValueExA
OpenProcessToken
ImpersonateLoggedOnUser
RevertToSelf
GetTokenInformation
LookupAccountSidA
RegOpenKeyExA
RegEnumKeyA
RegQueryValueExA
RegCloseKey

ole32

CreateStreamOnHGlobal

ntdll

_strnicmp
_chkstk
RtlUnwind
memmove
strchr
tolower
_alldiv
_allmul
_strcmpi
NtAllocateVirtualMemory
NtQuerySystemInformation
atoi
strstr
NtFreeVirtualMemory
NtOpenProcess
NtClose
_strlwr

ws2_32

WSAStartup
gethostbyaddr
inet_ntoa
__WSAFDIsSet
accept
gethostname
sendto
WSAGetLastError
htonl
ntohs
ntohl
shutdown
select
WSASetLastError
htons
setsockopt
closesocket
socket
bind
listen
connect
getsockname
recv
inet_addr
gethostbyname
ioctlsocket
recvfrom
send

dnsapi

DnsQuery_A
DnsRecordListFree

mapi32

ord17
ord129
ord140
ord23
ord13
ord21
ord11
ord19
ord138
ord135
ord75

wininet

InternetOpenA
InternetReadFile
InternetOpenUrlA
InternetCloseHandle

shlwapi

StrChrA
StrStrA
StrToIntA
StrCmpNA

dbghelp

ImageRvaToVa

Exports

Exports

WLEntry
WLEntryPoint
WLEventLogoff
WLEventLogon
WLEventShutdown

Sections

.text
Size: 74KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 34KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

67b4ddd6b3130266dcd67b64e70263e3

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

ntdll

ws2_32

dnsapi

mapi32

wininet

shlwapi

dbghelp

Exports

Exports

Sections

.text Size: 74KB - Virtual size: 73KB

.rdata Size: 14KB - Virtual size: 13KB

.data Size: 34KB - Virtual size: 50KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 6KB - Virtual size: 5KB

.text
Size: 74KB - Virtual size: 73KB

.rdata
Size: 14KB - Virtual size: 13KB

.data
Size: 34KB - Virtual size: 50KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 6KB - Virtual size: 5KB