172390f1bee717a4517d5ee7fc047c3c_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

172390f1bee717a4517d5ee7fc047c3c_JaffaCakes118
Size

68KB
MD5

172390f1bee717a4517d5ee7fc047c3c
SHA1

a4cd17a141abdd40b2dcef0fc4122e41353122c7
SHA256

1231d846a8937e47fba2df9ed612b59c9d68955517b2f8fc4abebec5d09e7555
SHA512

6715f1b702f9f7e2bdeca307789e5e5b5dba71f966bc6eb63484d3d3af56863ae3129cb331fc6f0cb6688ccc8b729085460d0ed5749b8b0f66d14c720f9257c1
SSDEEP

768:dJyWnnIc0EVPzJKZfDtUUnhoN4Q7x6c+/H:ryanIc0dZfDtUT16cwH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
172390f1bee717a4517d5ee7fc047c3c_JaffaCakes118

Files

172390f1bee717a4517d5ee7fc047c3c_JaffaCakes118
.dll windows:4 windows x86 arch:x86

1ec355049ac3f9af62c1047ac38062e9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MultiByteToWideChar
ReleaseMutex
VirtualFreeEx
VirtualAllocEx
FindClose
FindNextFileA
lstrcmpiA
lstrcatA
GetCurrentProcess
Module32First
VirtualProtectEx
CreateMutexA
DeleteFileA
GetModuleFileNameA
CopyFileA
TerminateProcess
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
IsBadReadPtr
WriteFile
GetTempPathA
LocalAlloc
CreateFileA
GetFileSize
InitializeCriticalSection
ReadFile
LocalFree
GetLastError
CloseHandle
GetCurrentProcessId
DisableThreadLibraryCalls
WaitForSingleObject
Sleep
LoadLibraryA
GetProcAddress
WinExec
lstrcpyA
lstrlenA
GetTickCount
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetModuleHandleA

user32

wsprintfA
GetDesktopWindow
GetWindowThreadProcessId
EnumWindows
SetThreadDesktop
OpenWindowStationA
IsRectEmpty
ReleaseDC
GetDC
GetWindowTextA
GetForegroundWindow
GetWindowRect
OpenDesktopA

gdi32

GetObjectA
GetStockObject
DeleteDC
BitBlt
SelectObject
CreateCompatibleBitmap
GetDeviceCaps
CreateCompatibleDC
CreateDCA
GetDIBits
RealizePalette
SelectPalette

advapi32

SetSecurityDescriptorDacl
OpenProcessToken
LookupPrivilegeValueA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

msvcp60

?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB

ws2_32

getpeername
WSAStartup
closesocket
send
recv
select
connect
ioctlsocket
htons
socket
gethostbyname

msvcrt

atoi
strcpy
??2@YAPAXI@Z
memset
strlen
sprintf
strcat
_mbsnbcpy
_mbsnbcmp
atol
_mbscmp
free
malloc
strstr
sscanf
memcmp
_beginthreadex
memcpy
isprint
__CxxFrameHandler
strchr
_onexit
__dllonexit
strncpy
_purecall
_splitpath
wcscmp

shlwapi

StrStrIA

imagehlp

MakeSureDirectoryPathExists

wininet

HttpOpenRequestA
HttpQueryInfoA
InternetReadFile
HttpSendRequestExA
InternetWriteFile
HttpEndRequestA
HttpAddRequestHeadersA
InternetCloseHandle
InternetOpenA
InternetConnectA
InternetAttemptConnect

gdiplus

GdipAlloc
GdipDisposeImage
GdipGetImageEncoders
GdipGetImageEncodersSize
GdiplusShutdown
GdipSaveImageToFile
GdiplusStartup
GdipFree
GdipCreateBitmapFromFile
GdipCreateBitmapFromFileICM
GdipCloneImage

Sections

.text
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 4.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

shard
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1ec355049ac3f9af62c1047ac38062e9

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

msvcp60

ws2_32

msvcrt

shlwapi

imagehlp

wininet

gdiplus

Sections

.text Size: 19KB - Virtual size: 18KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 19KB - Virtual size: 4.0MB

shard Size: 10KB - Virtual size: 9KB

.CRT Size: 512B - Virtual size: 4B

.reloc Size: 13KB - Virtual size: 13KB

.text
Size: 19KB - Virtual size: 18KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 19KB - Virtual size: 4.0MB

shard
Size: 10KB - Virtual size: 9KB

.CRT
Size: 512B - Virtual size: 4B

.reloc
Size: 13KB - Virtual size: 13KB