05d7d49c9858e1d1c1970d82b9907eda_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

05d7d49c9858e1d1c1970d82b9907eda_JaffaCakes118
Size

52KB
MD5

05d7d49c9858e1d1c1970d82b9907eda
SHA1

3bf435db1f6a18439d875ae83a0b3f62d36cf644
SHA256

f39adc7a86beff3966a84104d7b9d1e2481f88350f866d0ff5a5c6dd651376ac
SHA512

f73b80bba7a06e80c3b4b69480b0b011bf7d855790aa407e33201b405af8de50f7d6f4be9c7ef14101a49d54b8ffbc61cece6d363098887bb7b7796a43c45bc4
SSDEEP

1536:7Oatzw9ewxyM6z5cimC85L0YiPUykwSatAFe:ZtMN617+L7wSatke

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
05d7d49c9858e1d1c1970d82b9907eda_JaffaCakes118

Files

05d7d49c9858e1d1c1970d82b9907eda_JaffaCakes118
.dll windows:4 windows x86 arch:x86

980a0aa51084ec3426767df2f19183e2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateFileMappingA
CreateFileA
WaitForSingleObject
CreateEventA
ReleaseMutex
SleepEx
PulseEvent
WriteFile
OpenEventA
OpenMutexA
GetModuleFileNameA
GetWindowsDirectoryA
DisableThreadLibraryCalls
ReadDirectoryChangesW
GetFileAttributesExA
WideCharToMultiByte
GetDriveTypeA
GetLogicalDriveStringsA
InterlockedIncrement
InterlockedDecrement
GetCurrentProcess
GetProcAddress
GetModuleHandleA
FreeLibraryAndExitThread
MapViewOfFile
VirtualProtect
VirtualAlloc
MultiByteToWideChar
TerminateProcess
OpenProcess
GetCurrentProcessId
lstrlenW
Process32Next
Process32First
CreateToolhelp32Snapshot
Module32Next
Module32First
VirtualQuery
GetSystemInfo
Thread32Next
Thread32First
QueryDosDeviceA
GetVersionExA
FindNextFileA
FindFirstFileA
ReadFile
CreatePipe
GetLastError
GetFileSize
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
CreateThread
GetTempPathA
GetTempFileNameA
Sleep
CreateProcessA
WinExec
CopyFileA
SetFileAttributesA
FreeLibrary
CreateMutexA
LoadLibraryA
VirtualFree
CloseHandle

user32

PrintWindow
GetDesktopWindow
EnumDesktopWindows
GetWindowTextA
GetClassNameA
GetWindowDC
IsWindow
IsRectEmpty
GetClientRect
EnumChildWindows
UnhookWindowsHookEx
GetWindowThreadProcessId
SetWindowsHookExA
EnumWindows
GetWindowRect
GetDC
CallNextHookEx

gdi32

DeleteObject
CreateCompatibleDC
GetDeviceCaps
CreateCompatibleBitmap
SelectObject
DeleteDC
BitBlt

advapi32

RegEnumValueA
RegQueryValueExA
RegOpenKeyA
RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegCloseKey

ole32

CreateStreamOnHGlobal
CoInitialize
CoUninitialize
CoCreateInstance

oleaut32

SysAllocString
SysStringLen
SysFreeString
VariantClear

msvcp60

??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?empty@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE_NXZ
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z

wininet

HttpQueryInfoA
HttpSendRequestA
HttpAddRequestHeadersA
HttpOpenRequestA
InternetConnectA
InternetOpenA
InternetCrackUrlA
HttpEndRequestA
InternetWriteFile
HttpSendRequestExA
InternetCloseHandle

urlmon

URLDownloadToFileA

ws2_32

closesocket
setsockopt
WSACleanup

psapi

GetProcessImageFileNameA

shlwapi

PathFileExistsA

msvcrt

??1type_info@@UAE@XZ
__dllonexit
_onexit
_initterm
_adjust_fdiv
fclose
_except_handler3
wcscmp
_memicmp
free
_mbscmp
_CxxThrowException
_mbsupr
_snprintf
_ismbcprint
printf
atol
strstr
_ltoa
abs
wcsstr
_mbslwr
_wcsicmp
_mbsstr
fopen
malloc
fgets
memcmp
strncpy
memset
clock
_mbsrchr
_mbsnbcpy
_mbsicmp
_mbstok
atoi
strlen
_mbschr
__CxxFrameHandler
strcat
strcpy
sprintf
??2@YAPAXI@Z
memcpy

gdiplus

GdiplusStartup
GdipSaveImageToStream
GdipDisposeImage
GdipFree
GdipCloneImage
GdipAlloc
GdipCreateBitmapFromHBITMAP
GdipGetImageEncodersSize
GdipGetImageEncoders

iphlpapi

GetAdaptersInfo

rpcrt4

UuidToStringA
UuidCreate
RpcStringFreeA

shell32

SHGetFolderPathA

Exports

Exports

?GetOS@Utility@@SAKXZ
_LOADLIBRARY_DUMMY

Sections

.text
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

980a0aa51084ec3426767df2f19183e2

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

ole32

oleaut32

msvcp60

wininet

urlmon

ws2_32

psapi

shlwapi

msvcrt

gdiplus

iphlpapi

rpcrt4

shell32

Exports

Exports

Sections

.text Size: 48KB - Virtual size: 47KB

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 48KB - Virtual size: 47KB

.reloc
Size: 3KB - Virtual size: 2KB