fcc463400cd521ac4d79001e352e5bb8_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

fcc463400cd521ac4d79001e352e5bb8_JaffaCakes118
Size

76KB
MD5

fcc463400cd521ac4d79001e352e5bb8
SHA1

4239a5ba516ccba05707067d56ddc619622ebf02
SHA256

339337e363dd487a2f1d46410cec88c35309ce970858e65dd88a7b26a2db5909
SHA512

eb12419c4449c103fb1d5c0a5c643cb06289d1d3ff9aa92fac1fadd459d3675e5b1941659bc48aa95cb0857eb8915d185c3da7e2e1b63b25ee255ee4005c4370
SSDEEP

1536:oA8a2aMfMYmSqU5YxCSbLBmnNu/bfDVRBKdX:ndcMoqUS1LiuLDVRBKV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fcc463400cd521ac4d79001e352e5bb8_JaffaCakes118

Files

fcc463400cd521ac4d79001e352e5bb8_JaffaCakes118
.dll windows:5 windows x86 arch:x86

55aad9474964c712007c0d46e0048ecb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

StrStrIA
wnsprintfA

wininet

HttpSendRequestA
HttpOpenRequestA
InternetReadFile
InternetCrackUrlA
InternetConnectA
HttpQueryInfoA
InternetOpenA
InternetCloseHandle
InternetGetConnectedState

kernel32

HeapReAlloc
CreateFileA
lstrcmpA
lstrlenA
FreeLibrary
HeapAlloc
GetCurrentProcess
HeapFree
WaitForSingleObject
SleepEx
GetProcessHeap
WriteFile
TerminateThread
CreateProcessA
GetProcAddress
LoadLibraryA
CreateMutexA
ReleaseMutex
CloseHandle
GetTempPathA
LocalFree
CreateThread
GetComputerNameA
GetVolumeInformationA
GetSystemTimeAsFileTime
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW
Sleep
GetLastError
InitializeCriticalSectionAndSpinCount
GetCurrentThreadId
GetCommandLineA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
RtlUnwind
GetModuleHandleA
HeapSize
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage

advapi32

RegSetValueExA
RegCloseKey
RegCreateKeyA
RegQueryValueExA
GetLengthSid
DuplicateTokenEx
ConvertStringSidToSidW
SetTokenInformation
OpenProcessToken
RegOpenKeyA

Exports

Exports

NP_GetEntryPoints
NP_GetMIMEDescription
NP_Initialize
NP_Shutdown

Sections

.text
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

55aad9474964c712007c0d46e0048ecb

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

wininet

kernel32

advapi32

Exports

Exports

Sections

.text Size: 50KB - Virtual size: 50KB

.rdata Size: 13KB - Virtual size: 12KB

.data Size: 4KB - Virtual size: 9KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 6KB - Virtual size: 5KB

.text
Size: 50KB - Virtual size: 50KB

.rdata
Size: 13KB - Virtual size: 12KB

.data
Size: 4KB - Virtual size: 9KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 6KB - Virtual size: 5KB