0a904ca4c20a532375211b41f68309ab_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0a904ca4c20a532375211b41f68309ab_JaffaCakes118
Size

164KB
MD5

0a904ca4c20a532375211b41f68309ab
SHA1

17ecbd97d83ba34eedd8808ee0d6c5ce31256dec
SHA256

e0e87ae2e1eb47e841d4f0eb6f5d523d7ef7b2624daa0299b87fbe7dfa2fac33
SHA512

ce7dccb68988a83a7af15837f1987f93d3bb791a59b156619041a8166723e66dd484756e61b2b85e1a8bb3bffa2b5826ff9aba3732f2cfce5f8a1a82395b5426
SSDEEP

3072:NcagbSLJmB2TODpCLuXnU6VU3LH/EMdL5DPrUUMC/bDI:Nca+B2ThLu3U6VU7fEMdLhPrU5CPI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0a904ca4c20a532375211b41f68309ab_JaffaCakes118

Files

0a904ca4c20a532375211b41f68309ab_JaffaCakes118
.dll windows:4 windows x86 arch:x86

52bea1505379018ea4dba936d4c01850

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

getpeername
WSAGetLastError
closesocket
WSCEnumProtocols
inet_ntoa
ntohs
getsockname

mfc42

ord4202
ord940
ord1105
ord5861
ord654
ord6779
ord924
ord2818
ord6282
ord6143
ord923
ord5683
ord341
ord4129
ord6648
ord287
ord610
ord2764
ord4278
ord4277
ord6663
ord922
ord803
ord543
ord3584
ord6383
ord5440
ord6394
ord5450
ord3663
ord541
ord801
ord538
ord389
ord1228
ord690
ord6426
ord5204
ord5807
ord926
ord858
ord5356
ord2915
ord5572
ord540
ord939
ord800
ord5608
ord535
ord6877
ord823
ord5857
ord860
ord537
ord6883
ord825
ord5858

msvcrt

_adjust_fdiv
_initterm
?terminate@@YAXXZ
_except_handler3
_onexit
__dllonexit
??1type_info@@UAE@XZ
wcstombs
strcpy
memcmp
strpbrk
_CxxThrowException
??0exception@@QAE@ABV0@@Z
atoi
strncmp
isalnum
isalpha
__isascii
iscntrl
isgraph
isprint
ispunct
isxdigit
isupper
islower
isspace
tolower
_purecall
_ftol
isdigit
strcmp
malloc
exit
_iob
fprintf
realloc
rand
free
calloc
wcslen
wcsstr
wcscpy
memmove
sscanf
memset
memcpy
_EH_prolog
__CxxFrameHandler
strlen
toupper
sprintf

kernel32

TlsAlloc
FreeLibrary
ExpandEnvironmentStringsA
ReleaseSemaphore
PostQueuedCompletionStatus
GetVersionExA
GetSystemInfo
CreateSemaphoreA
CreateIoCompletionPort
WaitForSingleObjectEx
GetQueuedCompletionStatus
CreateThread
MultiByteToWideChar
FreeLibraryAndExitThread
lstrlenA
CreateEventA
FindFirstFileA
FindNextFileA
DeleteFileA
FindClose
CreateMutexA
GetLastError
GetModuleHandleA
GetProcAddress
WaitForSingleObject
CloseHandle
TlsSetValue
SetLastError
LoadLibraryA
ResetEvent
TlsGetValue
Sleep
SetEvent
GetTickCount
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
WideCharToMultiByte
TlsFree

user32

PostThreadMessageA
LoadIconA
LoadCursorA
RegisterClassA
CreateWindowExA
SetWindowLongA
DestroyWindow
GetWindowLongA
DefWindowProcA
SetTimer
GetMessageA
TranslateMessage
DispatchMessageA

gdi32

GetStockObject

advapi32

GetUserNameA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegSetValueExA

msvcp60

?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?_Freeze@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
??1_Winit@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
??0runtime_error@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
??1runtime_error@std@@UAE@XZ
??0runtime_error@std@@QAE@ABV01@@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD0@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??0Init@ios_base@std@@QAE@XZ
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
??1Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z

wininet

DeleteUrlCacheEntry
FindFirstUrlCacheEntryA
FindNextUrlCacheEntryA
FindCloseUrlCache

Exports

Exports

WSPStartup

Sections

.text
Size: 120KB - Virtual size: 116KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

52bea1505379018ea4dba936d4c01850

Headers

File Characteristics

Imports

ws2_32

mfc42

msvcrt

kernel32

user32

gdi32

advapi32

msvcp60

wininet

Exports

Exports

Sections

.text Size: 120KB - Virtual size: 116KB

.rdata Size: 16KB - Virtual size: 14KB

.data Size: 12KB - Virtual size: 8KB

.reloc Size: 12KB - Virtual size: 8KB

.text
Size: 120KB - Virtual size: 116KB

.rdata
Size: 16KB - Virtual size: 14KB

.data
Size: 12KB - Virtual size: 8KB

.reloc
Size: 12KB - Virtual size: 8KB