e04857629531dc92832db91f48764468_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

e04857629531dc92832db91f48764468_JaffaCakes118
Size

259KB
MD5

e04857629531dc92832db91f48764468
SHA1

9dbfb5f3da905b988ce106f6da072cb5e9d6c2ae
SHA256

96a6a0f9d634d96b63619397aee3c7880b488a62f32370f99112b1827996a388
SHA512

7de78df24343c32cf43c059d6ad43fc7ed15ca1d8e20ab92afeeed2e1feb2d013fe754bdb2060ce8a116c4a0d351dac67981fd580b0a12ac3670017862fc64fe
SSDEEP

3072:ngJZqsAcE71ukiNLgu6FnN4wEGGWa8YVhlu4tcpnlBPKJbAbLqUy64cHp:MZqsAciA6NN6MY9cpnlBPKJbyLzB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e04857629531dc92832db91f48764468_JaffaCakes118

Files

e04857629531dc92832db91f48764468_JaffaCakes118
.dll .js windows:5 windows x86 arch:x86 polyglot

ed4f4a81a0d10a5500636ae28e73fe69

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\!Free-Lance\!!!!!!\kernel_core\plugins\spy_plugin\out\Debug\spydll.pdb

Imports

ntdll

RtlInitAnsiString
RtlAnsiStringToUnicodeString
RtlInitUnicodeString
ZwUnloadDriver
ZwLoadDriver
_strcmpi
strcat
strchr
isdigit
strcpy
ZwQuerySystemInformation
_fltused
strncmp
memmove
_strnicmp
_chkstk
strncpy
strcmp
memcmp
sprintf
memcpy
wcsstr
strstr
atol
memset
atoi
strlen
_wtoi
ZwQueryInformationProcess
strrchr
_stricmp
wcscmp
_wcsicmp
wcslen
_wtol
_snprintf

shlwapi

PathFindFileNameA
PathAppendA
PathCombineA

wsock32

closesocket
htons
WSAStartup
socket
connect
ioctlsocket

wininet

InternetReadFile
InternetOpenUrlA
InternetGetCookieA
InternetCrackUrlW
FindCloseUrlCache
FindNextUrlCacheEntryA
DeleteUrlCacheEntry
FindFirstUrlCacheEntryA
InternetCloseHandle
HttpSendRequestA
HttpOpenRequestA
InternetConnectA
InternetOpenA
InternetQueryOptionA
GetUrlCacheEntryInfoA
InternetCrackUrlA

rpcrt4

UuidCreate

gdiplus

GdipAlloc
GdipCreateBitmapFromHBITMAP
GdipCloneImage
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipFree
GdipSaveImageToStream
GdipDisposeImage
GdiplusStartup

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

psapi

EnumProcessModules

kernel32

IsBadReadPtr
CreateFileA
OpenMutexA
IsBadWritePtr
CreateMutexA
ReleaseMutex
SetThreadPriority
VirtualFreeEx
GetVolumeInformationA
GlobalMemoryStatusEx
RemoveDirectoryA
GetVersionExA
SetFileTime
GetFileSize
TlsAlloc
SetLastError
SetEndOfFile
GetCurrentThreadId
GetWindowsDirectoryA
CreateProcessA
GetCurrentProcess
CreateToolhelp32Snapshot
Process32First
Process32Next
VirtualLock
VirtualUnlock
UnmapViewOfFile
CreateFileMappingA
MapViewOfFile
FindFirstFileA
DeleteFileA
FindNextFileA
FindClose
VirtualProtect
FileTimeToSystemTime
SystemTimeToFileTime
HeapFree
HeapReAlloc
GetProcessHeap
HeapAlloc
GetLocalTime
GetDateFormatA
GetTimeFormatA
GetTimeZoneInformation
GetModuleFileNameA
OpenEventA
GetProcAddress
LoadLibraryA
GetModuleHandleA
WideCharToMultiByte
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
MultiByteToWideChar
CloseHandle
OpenProcess
CreateRemoteThread
WriteProcessMemory
VirtualAllocEx
Sleep
ResumeThread
OpenThread
GetLastError
LocalFree
WaitForSingleObject
CreateEventA
LocalAlloc
GetCurrentProcessId
InterlockedIncrement
InterlockedDecrement
CreateThread
GetTickCount
SetEvent
TerminateThread
WriteFile
lstrlenA
GetStdHandle
OutputDebugStringA
ReadFile
ConnectNamedPipe
CreateNamedPipeA
lstrcatA
lstrcpyA
FlushFileBuffers

user32

GetWindowDC
ReleaseDC
LoadCursorA
CopyIcon
DestroyCursor
GetWindowRect
GetIconInfo
DestroyIcon
wvsprintfA
PostMessageA
GetForegroundWindow
GetMessageA
TranslateMessage
DispatchMessageA
GetWindowThreadProcessId
IsWindow
SetForegroundWindow
GetKeyState
GetAsyncKeyState
GetCursorPos
wsprintfA
MessageBoxA
MessageBoxW

gdi32

CreateCompatibleDC
DeleteDC
DeleteObject
CreateDCA
BitBlt
SelectObject
CreateFontA
SetTextColor
SetBkColor
SetROP2
CreateSolidBrush
CreatePen
Ellipse
TextOutA
CreateCompatibleBitmap

advapi32

RegEnumValueA
RegSetValueExA
RegCreateKeyExA
RegQueryValueExA
RegOpenKeyExA
ConvertStringSecurityDescriptorToSecurityDescriptorA
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
RegEnumKeyA
RegDeleteKeyA
RegFlushKey
GetUserNameA
GetTokenInformation
LookupAccountSidA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegCloseKey

shell32

SHGetSpecialFolderPathA
SHFileOperationA

ole32

CoInitialize
CoCreateInstance
CoUninitialize
CreateStreamOnHGlobal

oleaut32

SysAllocString
SysAllocStringLen
VariantClear
VariantInit
SysFreeString

Sections

.text
Size: 251KB - Virtual size: 251KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ed4f4a81a0d10a5500636ae28e73fe69

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntdll

shlwapi

wsock32

wininet

rpcrt4

gdiplus

version

psapi

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 251KB - Virtual size: 251KB

.reloc Size: 7KB - Virtual size: 7KB

.text
Size: 251KB - Virtual size: 251KB

.reloc
Size: 7KB - Virtual size: 7KB