05a3c5d30c10c7a36c9ea3d3c4200a26_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

05a3c5d30c10c7a36c9ea3d3c4200a26_JaffaCakes118
Size

73KB
MD5

05a3c5d30c10c7a36c9ea3d3c4200a26
SHA1

f3e00958133459e51657f34fff05801ba3dd1670
SHA256

6a6aaa9e04a9d409a3ddc2ff07601b1cebbdb80146ec4c7eefa005f822a52343
SHA512

7ecd3f9ab172bc52988258838f917097f65da2444bca855a42603a4f0527ae6d8d58f9e064836b29ad0c52918765e2809792d400f98e875361f36b8328c0011b
SSDEEP

1536:z5ednay1H4kh7VzR/qGfiqdKYlsxxsTMCAgkAfcvjA4bBzO9szaZDzoJSI:qnay1lJ/T6qdXtkAfcvjLbBzOizaZDz6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
05a3c5d30c10c7a36c9ea3d3c4200a26_JaffaCakes118

Files

05a3c5d30c10c7a36c9ea3d3c4200a26_JaffaCakes118
.dll windows:4 windows x86 arch:x86

5bff15e9d86bb879a3592e63b5982d58

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateRemoteThread
WriteProcessMemory
VirtualAllocEx
GetDriveTypeA
GetLogicalDriveStringsA
GetCurrentProcessId
OpenThread
CreateProcessA
WideCharToMultiByte
lstrlenW
WaitForSingleObject
CreateEventA
ReleaseMutex
SleepEx
PulseEvent
WriteFile
OpenMutexA
GetModuleFileNameA
GetWindowsDirectoryA
DisableThreadLibraryCalls
ReadDirectoryChangesW
GetFileAttributesExA
InterlockedIncrement
InterlockedDecrement
FreeLibraryAndExitThread
GetCurrentThreadId
GetCurrentThread
SetEvent
ResumeThread
SetThreadContext
GetPrivateProfileStringA
GetLastError
SuspendThread
AddVectoredExceptionHandler
RemoveVectoredExceptionHandler
VirtualFree
VirtualProtect
VirtualAlloc
Process32Next
Process32First
CreateToolhelp32Snapshot
Module32Next
Module32First
VirtualQuery
GetSystemInfo
GetProcAddress
Thread32Next
Thread32First
QueryDosDeviceA
OpenProcess
TerminateProcess
GetTempFileNameA
GetTempPathA
GetVersionExA
FindNextFileA
FindFirstFileA
MultiByteToWideChar
ReadFile
CreatePipe
GetModuleHandleA
CreateFileA
CreateFileMappingA
MapViewOfFile
GetFileSize
Sleep
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
CreateThread
OpenEventA
FreeLibrary
WinExec
CopyFileA
CreateMutexA
LoadLibraryA
CloseHandle
GetThreadContext

user32

ShowWindow
MessageBoxA
SetDlgItemTextA
SendMessageA
KillTimer
GetDlgItem
GetClientRect
GetDlgItemTextA
SetWindowPos
CreateDialogParamA
IsWindow
GetWindowThreadProcessId
CallNextHookEx
SetWindowsHookExA
UnhookWindowsHookEx
PrintWindow
GetWindowRect
EnumWindows
EnumChildWindows
GetClassNameA
GetWindowTextA
EnumDesktopWindows
GetDesktopWindow
GetDC
GetWindowDC
IsRectEmpty
SetTimer

gdi32

CreateCompatibleDC
GetDeviceCaps
CreateCompatibleBitmap
SelectObject
BitBlt
DeleteObject
DeleteDC

advapi32

RegEnumValueA
RegQueryValueExA
RegOpenKeyA
RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegCloseKey

ole32

CreateStreamOnHGlobal
CoCreateInstance
CoUninitialize
CoInitialize

oleaut32

VariantClear
SysStringLen
SysAllocString
SysFreeString

msvcp60

?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z

wininet

HttpEndRequestA
HttpSendRequestA
HttpAddRequestHeadersA
HttpOpenRequestA
DeleteUrlCacheEntry
HttpSendRequestExA
InternetWriteFile
InternetCloseHandle
InternetCrackUrlA
InternetOpenA
InternetConnectA

urlmon

URLDownloadToFileA

ws2_32

WSACleanup
closesocket
setsockopt

shell32

SHGetFolderPathA

psapi

GetProcessImageFileNameA

shlwapi

PathFileExistsA

msvcrt

_mbsrchr
_mbstok
_mbsicmp
atoi
strlen
__CxxFrameHandler
strcat
strcpy
_mbschr
sprintf
??2@YAPAXI@Z
memcpy
_ismbcprint
_mbsnbcpy
_CxxThrowException
printf
free
wcscmp
malloc
_mbsnbicmp
abs
_ltoa
strstr
_except_handler3
__dllonexit
_onexit
??1type_info@@UAE@XZ
_snprintf
_mbscmp
memset
_mbsstr
isalpha
_mbslwr
wcsstr
clock
_mbsupr
_memicmp
_adjust_fdiv
_initterm
memcmp

gdiplus

GdipGetImageEncoders
GdiplusStartup
GdipDisposeImage
GdipSaveImageToStream
GdipCreateBitmapFromHBITMAP
GdipAlloc
GdipCloneImage
GdipFree
GdipGetImageEncodersSize

iphlpapi

GetAdaptersInfo

rpcrt4

UuidCreate
UuidToStringA
RpcStringFreeA

Exports

Exports

?GetOS@Utility@@SAKXZ
_LOADLIBRARY_DUMMY

Sections

.text
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5bff15e9d86bb879a3592e63b5982d58

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

ole32

oleaut32

msvcp60

wininet

urlmon

ws2_32

shell32

psapi

shlwapi

msvcrt

gdiplus

iphlpapi

rpcrt4

Exports

Exports

Sections

.text Size: 47KB - Virtual size: 47KB

.rsrc Size: 22KB - Virtual size: 21KB

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 47KB - Virtual size: 47KB

.rsrc
Size: 22KB - Virtual size: 21KB

.reloc
Size: 3KB - Virtual size: 2KB