0dd446624b02d6134d71923cdfe7c17d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0dd446624b02d6134d71923cdfe7c17d_JaffaCakes118
Size

27KB
MD5

0dd446624b02d6134d71923cdfe7c17d
SHA1

32dcf557ac703cee1f76b51b1e76ee1d16646f36
SHA256

7483c07752502dd573378a0f11acacec16922494af1fa9aab10ad5b3d55b47d8
SHA512

db6871a42b735c8d5f26d9b5791a378f1229653513cd1b40ba654e1a0892637a27200f18359cb2912c62486f7e01e188a8cfbc86c164b815bd28dc6189e27ed1
SSDEEP

384:lvEsMmw3TSx4q32sFU+pKVgNY8UdfMHKF9BKYzHybFOn6gIisWZgmDN593HGnWD3:lMwQQm/+6zfQKF9rmbc6QsYJ5ZH1Dkg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0dd446624b02d6134d71923cdfe7c17d_JaffaCakes118

Files

0dd446624b02d6134d71923cdfe7c17d_JaffaCakes118
.dll windows:4 windows x86 arch:x86

626442c0fe5c7bfea6da0a64c608466b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wininet

InternetReadFile
InternetCloseHandle
InternetOpenUrlA
HttpQueryInfoA
InternetOpenA

rpcrt4

UuidCreate

oleacc

ObjectFromLresult

kernel32

HeapFree
LoadLibraryA
LocalFree
CreateMutexA
WaitForSingleObject
ReleaseMutex
CreateFileA
WriteFile
LocalAlloc
GetLastError
lstrlenA
OpenMutexA
lstrcatA
GetTempPathA
GetTempFileNameA
CreateProcessA
VirtualAllocEx
VirtualProtectEx
FlushInstructionCache
WriteProcessMemory
OpenProcess
GetModuleHandleA
GetProcAddress
CreateRemoteThread
VirtualFreeEx
OpenEventA
SetEvent
ResetEvent
GetProcessHeap
GetFileAttributesExA
ReadFile
GetSystemTimeAsFileTime
GetFileAttributesA
lstrcmpA
GetCurrentThreadId
CreateToolhelp32Snapshot
Process32First
Process32Next
lstrcmpiA
lstrcpyW
lstrlenW
FindFirstFileW
FindClose
lstrcatW
FindFirstChangeNotificationW
WaitForMultipleObjects
FindNextChangeNotification
FindCloseChangeNotification
HeapAlloc
GetFileSize
SetFilePointer
WideCharToMultiByte
FindResourceA
LockResource
LoadResource
SizeofResource
MultiByteToWideChar
CreateFileMappingA
MapViewOfFile
FlushViewOfFile
UnmapViewOfFile
GetEnvironmentVariableA
CopyFileA
FreeLibrary
GetTempPathW
DeleteFileW
MoveFileExA
GetCommandLineA
lstrcpyA
CreateThread
InterlockedIncrement
GetModuleFileNameA
DisableThreadLibraryCalls
CloseHandle
GetCurrentProcess
FreeLibraryAndExitThread
Sleep
InterlockedDecrement
CreateEventA
CreateFileW

user32

SendMessageA
GetClassNameA
SendMessageTimeoutA
SetWindowsHookExA
SetThreadDesktop
GetWindowThreadProcessId
CallNextHookEx
UnhookWindowsHookEx
wsprintfA
CharLowerA
GetThreadDesktop
RegisterWindowMessageA
CharUpperA
FindWindowA

advapi32

GetTokenInformation
OpenProcessToken
AllocateAndInitializeSid
RegDeleteValueA
RegEnumValueA
RegQueryInfoKeyA
RegCloseKey
EqualSid
FreeSid
CreateWellKnownSid
GetLengthSid
InitializeAcl
AddAccessAllowedAce
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
SetSecurityDescriptorSacl
GetUserNameW
RegOpenKeyExA
RegNotifyChangeKeyValue
RegDeleteKeyA
LookupPrivilegeValueA
AdjustTokenPrivileges

shell32

ShellExecuteW

ole32

CoUninitialize
StringFromCLSID
CoTaskMemFree
CoFreeUnusedLibraries
CoInitialize
CoCreateInstance
CoInitializeEx

oleaut32

SysAllocString
SysFreeString

Exports

Exports

DllCanUnloadNow
Export
Install
Shutdown
StartShell
Uninstall

Sections

.text
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.shared
Size: 1024B - Virtual size: 628B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 744B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

626442c0fe5c7bfea6da0a64c608466b

Headers

DLL Characteristics

File Characteristics

Imports

wininet

rpcrt4

oleacc

kernel32

user32

advapi32

shell32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 16KB - Virtual size: 16KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 512B - Virtual size: 4KB

.shared Size: 1024B - Virtual size: 628B

.rsrc Size: 1024B - Virtual size: 744B

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 16KB - Virtual size: 16KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 512B - Virtual size: 4KB

.shared
Size: 1024B - Virtual size: 628B

.rsrc
Size: 1024B - Virtual size: 744B

.reloc
Size: 2KB - Virtual size: 1KB