018dd6d0b960794abd601c9c53506f7a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

018dd6d0b960794abd601c9c53506f7a_JaffaCakes118
Size

324KB
MD5

018dd6d0b960794abd601c9c53506f7a
SHA1

5e1ffc1216c1d2494ba80fd9c86bd7f999474d5c
SHA256

e7352170e17e9e417c86fa67ab74a0f707862620630d2e8abf7dc9e5cf72351c
SHA512

0de58c3360c86fac0f3e9c795a640e0e70839e40c7fa84487a7c5b13c6d1e090afa3bbdd1283a30f9dea1302f00bfd356f8693b2ba7fd3a40b1d3498c1ef3a11
SSDEEP

6144:4wE55SpUA/fyme0A+OTe1tvVwLjQkySt1UA3nqQmnMuDF8KihuZDe5EuE5SFgI+:437A/6xdTeVi87YnnmnM48KiwkVbFgI+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
018dd6d0b960794abd601c9c53506f7a_JaffaCakes118

Files

018dd6d0b960794abd601c9c53506f7a_JaffaCakes118
.exe windows:5 windows x86 arch:x86

1a23013676e14fa8d202ba7adea02cdc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

userenv

RsopSetPolicySettingStatus

mswsock

GetAcceptExSockaddrs
AcceptEx

kernel32

lstrcpyW
lstrcmpiW
DeleteCriticalSection
LoadLibraryA
EnterCriticalSection
WideCharToMultiByte
FormatMessageW
SetEvent
lstrlenW
ExpandEnvironmentStringsW
LoadLibraryW
SetErrorMode
DelayLoadFailureHook
GetLocaleInfoW
GetProcAddress
SetLastError
InitializeCriticalSectionAndSpinCount
MultiByteToWideChar
CreateThread
LocalAlloc
FindResourceExW
GlobalFree
MulDiv
GetDriveTypeW
UnhandledExceptionFilter
GetModuleHandleA
GetCurrentProcess
LocalReAlloc
LockResource
GetCurrentDirectoryW
GetFileAttributesW
FindResourceW
FreeLibrary
ResetEvent
CreateFileW
lstrcmpW
QueryPerformanceCounter
InterlockedCompareExchange
TerminateProcess
GlobalReAlloc
GetProfileStringW
GetTickCount
InterlockedIncrement
GetVolumeInformationW
GetProcessVersion
LocalSize
TlsGetValue
LoadResource
DeleteFileW
lstrlenA
FreeLibraryAndExitThread
GetUserDefaultLCID
FindClose
InterlockedDecrement
GetLastError
WaitForSingleObject
GetCurrentThreadId
GlobalLock
LocalFree
lstrcpynW
SetCurrentDirectoryW
TlsAlloc
FindNextFileW
GlobalUnlock
CloseHandle
lstrcpyA
GetACP
GlobalAlloc
InterlockedExchange
GetModuleHandleW
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetTempFileNameW
TlsSetValue
SetUnhandledExceptionFilter
LeaveCriticalSection
CreateEventW
GetVersionExA
GetShortPathNameW
FindFirstFileW
FreeResource
GetSystemDefaultUILanguage
GetFullPathNameW
SizeofResource
FindResourceA
GetCurrentProcessId
GetModuleFileNameW
TlsFree

ntdll

RtlInitUnicodeStringEx
RtlUnicodeStringToAnsiString
_vsnwprintf
RtlAnsiStringToUnicodeString
strlen
RtlUnwind
wcslen
RtlIsNameLegalDOS8Dot3
RtlUnicodeToMultiByteSize
NtQueryVirtualMemory
_chkstk
NtAllocateVirtualMemory

ole32

CoUninitialize
CoCreateInstance
CoInitializeEx
CoTaskMemFree

dnsapi

DnsReplaceRecordSetW

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 276KB - Virtual size: 275KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 6KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

1a23013676e14fa8d202ba7adea02cdc

Headers

DLL Characteristics

File Characteristics

Imports

userenv

mswsock

kernel32

ntdll

ole32

dnsapi

Sections

.text Size: 7KB - Virtual size: 6KB

.rsrc Size: 33KB - Virtual size: 33KB

.rdata Size: 276KB - Virtual size: 275KB

.data Size: 6KB - Virtual size: 1.4MB

.tls Size: 512B - Virtual size: 4KB

.text
Size: 7KB - Virtual size: 6KB

.rsrc
Size: 33KB - Virtual size: 33KB

.rdata
Size: 276KB - Virtual size: 275KB

.data
Size: 6KB - Virtual size: 1.4MB

.tls
Size: 512B - Virtual size: 4KB