ec05817e19039c2f6cc2c021e2ea0016_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ec05817e19039c2f6cc2c021e2ea0016_JaffaCakes118
Size

1.7MB
MD5

ec05817e19039c2f6cc2c021e2ea0016
SHA1

be7215f294c41baabc1d31cbc1a68fc75fbd4bd2
SHA256

cdf74f48c9ea905682155441cf03f4207dbeb2a2f09c4605a5cf4a9a367286e8
SHA512

3e9ed734fa5e67bd63522b9dc8de42fea32b2d60705e4523a974c140640883f26a87fcff07d4120816889157a7d3b1211a1cbbb0ca53e2de3bf7faaa630605ea
SSDEEP

24576:86ddS5MIs4bFGTw24ZNlcdq/MC4hjlpFLyi0hh2X7V0dSYSXwQqPtwjTBIv:Zd05MIs4bFGL4aFp1t0hh1PSAQqPtw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ec05817e19039c2f6cc2c021e2ea0016_JaffaCakes118

Files

ec05817e19039c2f6cc2c021e2ea0016_JaffaCakes118
.dll windows:6 windows x64 arch:x64

0021bdf744df637e7e3f8382fa942b8b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

GetLastError
GetModuleHandleW
GetProcAddress
MultiByteToWideChar
SwitchToFiber
DeleteFiber
CreateFiber
WideCharToMultiByte
GetSystemTimeAsFileTime
ConvertFiberToThread
ConvertThreadToFiber
QueryPerformanceCounter
GetCurrentProcessId
GetTickCount
GlobalMemoryStatus
GetEnvironmentVariableW
GetConsoleMode
ReadConsoleA
ReadConsoleW
SetConsoleMode
SetLastError
GetSystemTime
SystemTimeToFileTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
GetCurrentThreadId
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
RtlPcToFileHeader
EncodePointer
RaiseException
RtlUnwindEx
InterlockedFlushSList
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
WriteFile
TlsFree
FreeLibrary
LoadLibraryExW
ExitProcess
GetModuleHandleExW
SetConsoleCtrlHandler
ReadFile
GetModuleFileNameA
HeapFree
HeapAlloc
GetStringTypeW
GetACP
HeapReAlloc
CompareStringW
LCMapStringW
GetConsoleCP
CloseHandle
FlushFileBuffers
SetFilePointerEx
SetStdHandle
FindClose
FindFirstFileExA
FindNextFileA
FindNextFileW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
GetProcessHeap
WriteConsoleW
CreateFileW
HeapSize
SetEndOfFile
GetFileType
GetStdHandle
FindFirstFileW
GetDriveTypeW
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetCurrentDirectoryW
GetFullPathNameW
CreateThread
WaitForSingleObject
lstrcpyW
Sleep
VirtualAlloc
TlsSetValue
VirtualFree
GetTimeZoneInformation

ws2_32

WSACleanup
WSAGetLastError
recv
send
WSASetLastError
setsockopt
htons
connect
socket
WSAStartup
__WSAFDIsSet
closesocket
select
inet_addr

ntdll

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

user32

GetProcessWindowStation
GetUserObjectInformationW
MessageBoxW

advapi32

CryptGenRandom
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextW
ReportEventW
RegisterEventSourceW
DeregisterEventSource
CryptEnumProvidersW

crypt32

CertGetCertificateContextProperty
CertFreeCertificateContext
CertDuplicateCertificateContext
CertFindCertificateInStore
CertCloseStore
CertEnumCertificatesInStore
CertOpenStore

Exports

Exports

ieowjwefjewi

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 467KB - Virtual size: 466KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 58KB - Virtual size: 125KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 200B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0021bdf744df637e7e3f8382fa942b8b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ws2_32

ntdll

user32

advapi32

crypt32

Exports

Exports

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 467KB - Virtual size: 466KB

.data Size: 58KB - Virtual size: 125KB

.pdata Size: 64KB - Virtual size: 64KB

.gfids Size: 512B - Virtual size: 200B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 21KB - Virtual size: 20KB

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 467KB - Virtual size: 466KB

.data
Size: 58KB - Virtual size: 125KB

.pdata
Size: 64KB - Virtual size: 64KB

.gfids
Size: 512B - Virtual size: 200B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 21KB - Virtual size: 20KB