15a5896d0e3d4f902d76401b8faab414_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

15a5896d0e3d4f902d76401b8faab414_JaffaCakes118
Size

40KB
MD5

15a5896d0e3d4f902d76401b8faab414
SHA1

396da9f9991ca6c085d88f46caaaa3a33147e483
SHA256

2515150cc4f018c13dfe4d14db54e3dc79f4519632b739886595e62407fcd714
SHA512

4f629bd7b534c7142d669e1cc3d48e80682e32e3b7b4d95f23fbd00239c4932a8eed686d837bfb2a06460d24e8a0d2f73e31d646d62732896aaabd70e1d9c69d
SSDEEP

768:vUt3qlCqsM1fdZdASWJw0T58BEM03s5E:sAlC7M5dZGSg56EMMsq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
15a5896d0e3d4f902d76401b8faab414_JaffaCakes118

Files

15a5896d0e3d4f902d76401b8faab414_JaffaCakes118
.dll windows:4 windows x86 arch:x86

5dd80cd1c00d2038919c62d07da145b0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

UrlEscapeW
StrToIntW
PathFileExistsW
StrRStrIW
StrStrIW
StrStrIA

ws2_32

getnameinfo
inet_addr

dnsapi

DnsRecordListFree
DnsQuery_W

wininet

InternetCloseHandle
InternetReadFile
InternetOpenUrlW
InternetOpenW
HttpQueryInfoW

kernel32

lstrcpynA
CreateFileW
GetFileSize
ReadFile
WriteFile
CloseHandle
GetSystemWindowsDirectoryW
GetVolumeInformationW
lstrlenW
lstrcpynW
lstrlenA
lstrcpyA
lstrcmpiA
lstrcatW
WideCharToMultiByte
lstrcatA
SetFilePointer
SetEndOfFile
lstrcpyW
CreateEventW
lstrcmpiW
CreateThread
WaitForSingleObject
SetEvent
CreateProcessW
SuspendThread
TerminateThread
Sleep
GetModuleFileNameW
FreeLibraryAndExitThread
LoadLibraryW
OpenMutexW
GetTickCount
GetLastError
CreateMutexW
GetCurrentProcess
GetProcAddress
VirtualAlloc
VirtualFree
VirtualQuery
MapViewOfFile
CreateFileMappingW
ResetEvent
Process32NextW
OpenProcess
Process32FirstW
CreateToolhelp32Snapshot
GetVersionExW
DisableThreadLibraryCalls
ExitProcess
CreateWaitableTimerW
SetWaitableTimer
GetCurrentThread
GetFileTime
SetFileTime
lstrcmpW
MoveFileW
MoveFileExW
WaitForMultipleObjects
FindFirstFileW
FindNextFileW
FindClose
GetSystemTime
MultiByteToWideChar
UnmapViewOfFile

user32

MsgWaitForMultipleObjects
PeekMessageW
TranslateMessage
DispatchMessageW
CallNextHookEx
PostMessageW
SetWindowsHookExW
wsprintfW

advapi32

CreateProcessAsUserW
RegQueryValueExW
RegCloseKey
ImpersonateLoggedOnUser
SetNamedSecurityInfoW
OpenProcessToken
RevertToSelf
RegSetValueExW
RegOpenKeyExW
RegFlushKey
RegQueryInfoKeyW
RegEnumValueW
RegNotifyChangeKeyValue
RegCreateKeyExW

shell32

SHGetSpecialFolderPathW
SHGetFolderPathW
ord680

ole32

StringFromCLSID
CoTaskMemFree
CoCreateGuid

Exports

Exports

Startup
e
iep
l
r

Sections

.text
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5dd80cd1c00d2038919c62d07da145b0

Headers

File Characteristics

Imports

shlwapi

ws2_32

dnsapi

wininet

kernel32

user32

advapi32

shell32

ole32

Exports

Exports

Sections

.text Size: 28KB - Virtual size: 24KB

.data Size: 4KB - Virtual size: 4KB

.reloc Size: 4KB - Virtual size: 1KB

.text
Size: 28KB - Virtual size: 24KB

.data
Size: 4KB - Virtual size: 4KB

.reloc
Size: 4KB - Virtual size: 1KB