1330503563faddad7e3d8cf39c0e63d7_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

1330503563faddad7e3d8cf39c0e63d7_JaffaCakes118
Size

231KB
MD5

1330503563faddad7e3d8cf39c0e63d7
SHA1

4a08c0859ae1cca7be5bbbb497aa75eea906d3b6
SHA256

971ce2f325e8dfacf644bfb7d5ce763d1dd6a60872d080d1106febe81286defb
SHA512

eff1860ef3dbc1e0a6cde32eeb7a430a146d8d371e95c1f32827d3a1f2591f82df166de4fcb58c82e2640d44b996e4e3667ce928f41935d100ce650b3ceeb3e0
SSDEEP

3072:frshNEgrHZvVhUsA3f6aSWSakcZkLStHOqoETnZcjYxZt7/TBfWlB3O4i1RUaO:fCNbZv/Us8/SyZTnLnIcV/TBelHwO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1330503563faddad7e3d8cf39c0e63d7_JaffaCakes118

Files

1330503563faddad7e3d8cf39c0e63d7_JaffaCakes118
.dll windows:0 windows x86 arch:x86

933a67ceaf9cafadc0cd46e699584418

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadResource
FindResourceW
FindResourceExW
WideCharToMultiByte
Sleep
WriteFile
CreateFileW
CloseHandle
SetUnhandledExceptionFilter
GetTempPathW
GetTempFileNameW
CreateProcessW
WaitForSingleObject
DeleteFileW
SetEvent
CreateEventA
GetTickCount
ResetEvent
LockResource
DeleteFileA
MultiByteToWideChar
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
RaiseException
EnterCriticalSection
LeaveCriticalSection
GetLastError
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SizeofResource
IsBadWritePtr
WaitForMultipleObjects
IsBadReadPtr
FlushFileBuffers
SetEndOfFile
WriteConsoleW
SetStdHandle
CreateFileA
LoadLibraryW
IsProcessorFeaturePresent
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetModuleFileNameW
GetConsoleMode
GetConsoleCP
GetSystemTimeAsFileTime
EncodePointer
DecodePointer
ExitThread
GetCurrentThreadId
CreateThread
GetCommandLineA
RtlUnwind
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
SetLastError
GetProcAddress
GetStringTypeW
LCMapStringW
HeapCreate
ExitProcess
SetFilePointer
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoW
ReadFile

advapi32

RegQueryValueExA
RegCreateKeyExA
RegCloseKey

shlwapi

UrlGetPartA
StrStrIA

ws2_32

setsockopt
WSAStartup
freeaddrinfo
connect
socket
getaddrinfo
recv
send
closesocket
shutdown
WSACleanup
htons
gethostbyname

winhttp

WinHttpSendRequest
WinHttpQueryDataAvailable
WinHttpConnect
WinHttpOpen
WinHttpReadData
WinHttpCloseHandle
WinHttpOpenRequest
WinHttpReceiveResponse

Sections

.text
Size: 170KB - Virtual size: 170KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

933a67ceaf9cafadc0cd46e699584418

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

shlwapi

ws2_32

winhttp

Sections

.text Size: 170KB - Virtual size: 170KB

.rdata Size: 42KB - Virtual size: 41KB

.data Size: 4KB - Virtual size: 11KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 11KB - Virtual size: 11KB

.text
Size: 170KB - Virtual size: 170KB

.rdata
Size: 42KB - Virtual size: 41KB

.data
Size: 4KB - Virtual size: 11KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 11KB - Virtual size: 11KB