0ada3c8ff9275d100161db28587a139d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0ada3c8ff9275d100161db28587a139d_JaffaCakes118
Size

24KB
MD5

0ada3c8ff9275d100161db28587a139d
SHA1

890027213c92b786e7a4a671aa0426f4feee5230
SHA256

623872901e9cefbd00b3fe47b0aabba51b2da1768c4ab0a0715dbefd4171b8a4
SHA512

31cb51c0af847fd4cdfbc841c0e3d85c6664cd556e69ad054e966e34b5507b01670d83391cba47a383bd3369b5eb7610ee20ec6981b3d3653f11fc4277bee933
SSDEEP

384:dpJFWX+ISsadKYTI4yrCGFFjQS8AqGA1X2nI+5YKNru8VSwVhwlHgq:zGvrNjQSo1X2nVYKNu8kahwlHgq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0ada3c8ff9275d100161db28587a139d_JaffaCakes118

Files

0ada3c8ff9275d100161db28587a139d_JaffaCakes118
.dll windows:4 windows x86 arch:x86

1552d15783eee8c4848ad726ea5da0e7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalFree
GlobalAlloc
TerminateProcess
OpenProcess
Process32Next
Process32First
CreateToolhelp32Snapshot
GetVersionExA
GetLastError
GetCurrentProcess
GetProcAddress
lstrlenA
GetExitCodeThread
WaitForSingleObject
CreateThread
lstrcpynA
WriteFile
Sleep
DeleteFileA
GlobalAddAtomA
GlobalDeleteAtom
GlobalFindAtomA
CreateProcessA
ReleaseMutex
CreateMutexA
FindClose
FindFirstFileA
SetLastError
GetModuleHandleA
WideCharToMultiByte
LocalSize
LocalAlloc
LocalReAlloc
LocalFree
lstrcpyA
CreateFileA
GetFileSize
ReadFile
LoadLibraryA
CloseHandle

user32

wsprintfA

advapi32

RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

shell32

ShellExecuteA

ole32

CoCreateInstance
CoUninitialize
CoInitializeSecurity
CoInitializeEx
CoSetProxyBlanket

oleaut32

VariantClear

wininet

InternetReadFile
HttpQueryInfoA
InternetOpenUrlA
InternetCloseHandle
InternetOpenA
DeleteUrlCacheEntry

msvcrt

_stricmp
??1type_info@@UAE@XZ
_onexit
__dllonexit
_adjust_fdiv
_initterm
_CxxThrowException
wcslen
_except_handler3
strcmp
strncmp
strchr
malloc
realloc
strncat
free
time
sprintf
strncpy
strrchr
__CxxFrameHandler
??3@YAXPAX@Z
atol
strlen
strstr
memset
??2@YAPAXI@Z
strcat
strcpy

tapi32

lineOpenA
lineShutdown
lineInitialize
lineNegotiateAPIVersion
lineGetNewCalls
lineGetCallInfoA

iphlpapi

GetAdaptersInfo
GetIfEntry

shlwapi

StrTrimA

Exports

Exports

ClearTest
Log1
Log2
OpenFeedback
Test

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1552d15783eee8c4848ad726ea5da0e7

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

wininet

msvcrt

tapi32

iphlpapi

shlwapi

Exports

Exports

Sections

.text Size: 16KB - Virtual size: 15KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 1KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 16KB - Virtual size: 15KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 1KB