fe867202f5078356d7c8481ea9b89fd6_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

fe867202f5078356d7c8481ea9b89fd6_JaffaCakes118
Size

240KB
MD5

fe867202f5078356d7c8481ea9b89fd6
SHA1

440c8e60f5d66798b5d48d11853e8574eb716737
SHA256

2e9083ed63d2d635ea8d35a4e86a56dc3b1c7c3a31e663c5d5311b8f65cb54a7
SHA512

a0a0068d0f426271aef37af10273619b8be9abb5dad494d7c4a7b9c41ad539c10dec04b9ff8ef1ce3530b46bcb637015fa53363a40831b22574ffd6fad29593c
SSDEEP

3072:6Jh+mX7EHtpoFagLEwhrQnW5aS4AwpXz3sQ+wommTEi9oTezatnFIYitJ:eQMYHzWawDhrQ+aS4AwZ72mmIi9o7O

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fe867202f5078356d7c8481ea9b89fd6_JaffaCakes118

Files

fe867202f5078356d7c8481ea9b89fd6_JaffaCakes118
.dll windows:4 windows x86 arch:x86

06f13152be0a667f3f3bdb2cf04e7b07

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

dnsapi

DnsQuery_W
DnsRecordListFree

ws2_32

inet_addr
getnameinfo

wininet

InternetCloseHandle
InternetOpenW
InternetOpenUrlW
InternetReadFile
HttpQueryInfoW

kernel32

GetLocalTime
lstrcatW
MoveFileW
WideCharToMultiByte
ReadFile
GetFileSize
SetFilePointer
CreateFileW
CreateThread
SystemTimeToFileTime
InterlockedDecrement
InterlockedIncrement
GetProcAddress
LoadLibraryW
GetTickCount
GetModuleFileNameW
LocalFree
CreateEventW
SetEvent
Sleep
ResetEvent
OpenEventW
UnmapViewOfFile
RaiseException
EnterCriticalSection
LeaveCriticalSection
MapViewOfFile
CreateFileMappingW
lstrcpynA
lstrlenA
MultiByteToWideChar
FreeLibrary
SetWaitableTimer
CancelWaitableTimer
GetLastError
CreateWaitableTimerW
OpenWaitableTimerW
InitializeCriticalSection
DeleteCriticalSection
OpenMutexW
GetExitCodeThread
ExitProcess
FreeLibraryAndExitThread
DisableThreadLibraryCalls
GetVersionExW
GetCurrentProcess
GetCurrentThread
lstrcmpW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
OutputDebugStringW
SetEndOfFile
WriteFile
SetLastError
lstrcmpiA
lstrcpyA
lstrcatA
lstrcmpiW
FindClose
FindNextFileW
FindFirstFileW
GetSystemTime
GetCurrentProcessId
WaitForMultipleObjects
FlushFileBuffers
CreateDirectoryW
RemoveDirectoryW
DeleteFileW
GetFileType
SetHandleCount
GetModuleFileNameA
GetStdHandle
GetOEMCP
VirtualQuery
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
HeapSize
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleHandleA
GetStringTypeW
GetStringTypeA
GetCPInfo
ReleaseMutex
CreateMutexW
WaitForSingleObject
lstrcpyW
CreateProcessW
CloseHandle
lstrlenW
lstrcpynW
GetSystemWindowsDirectoryW
GetVolumeInformationW
LCMapStringW
GetLocaleInfoW
LoadLibraryA
IsValidCodePage
LCMapStringA
GetProcessHeap
GetCommandLineA
GetCurrentThreadId
HeapReAlloc
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
HeapAlloc
GetSystemTimeAsFileTime
HeapFree
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
RtlUnwind
InterlockedCompareExchange
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetStartupInfoA

user32

AllowSetForegroundWindow
UnregisterClassA
SetWindowsHookExW
PostMessageW
CallNextHookEx
UnhookWindowsHookEx
SetForegroundWindow
SetWindowTextW
EnumChildWindows
FindWindowExW
SendMessageW
UpdateWindow
IsCharAlphaNumericW
IsCharAlphaW
MsgWaitForMultipleObjects
PeekMessageW
TranslateMessage
DispatchMessageW
wsprintfW
LockSetForegroundWindow

advapi32

RegOpenKeyExW
RegCloseKey
RegQueryValueExW
RegFlushKey
RegNotifyChangeKeyValue
ImpersonateSelf
OpenProcessToken
DuplicateTokenEx
GetLengthSid
SetTokenInformation
SetThreadToken
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorSacl
SetSecurityInfo
RegCreateKeyExW
RegDeleteValueW
RegSetValueExW
CreateProcessAsUserW

shell32

SHGetFolderPathW
SHGetSpecialFolderPathW
SHCreateDirectoryExW
ord680

ole32

CoInitializeEx
CoCreateInstance
CoUninitialize
CoGetInterfaceAndReleaseStream
CoMarshalInterThreadInterfaceInStream
CoTaskMemFree
StringFromCLSID
CoCreateGuid
OleRun

oleaut32

SafeArrayCreateVector
GetErrorInfo
SysAllocString
SysFreeString
VariantInit
VariantClear
SysStringLen
DispCallFunc
LoadRegTypeLi
LoadTypeLi
SysAllocStringByteLen
SysStringByteLen
SafeArrayUnaccessData
SafeArrayDestroy
SysAllocStringLen
VariantCopy
SafeArrayAccessData

shlwapi

StrChrIW
StrStrIA
StrStrIW
PathFileExistsW
UrlEscapeW
UrlUnescapeW
StrCmpNW
StrRStrIW

Exports

Exports

Startup
e
l
r

Sections

.text
Size: 152KB - Virtual size: 149KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

06f13152be0a667f3f3bdb2cf04e7b07

Headers

File Characteristics

Imports

dnsapi

ws2_32

wininet

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

Exports

Exports

Sections

.text Size: 152KB - Virtual size: 149KB

.rdata Size: 48KB - Virtual size: 46KB

.data Size: 20KB - Virtual size: 39KB

.reloc Size: 16KB - Virtual size: 14KB

.text
Size: 152KB - Virtual size: 149KB

.rdata
Size: 48KB - Virtual size: 46KB

.data
Size: 20KB - Virtual size: 39KB

.reloc
Size: 16KB - Virtual size: 14KB