182e81c716c1b389153a8c21823cfbaa_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

182e81c716c1b389153a8c21823cfbaa_JaffaCakes118
Size

1.1MB
MD5

182e81c716c1b389153a8c21823cfbaa
SHA1

2cf8da2b9ca4bd394a0c834a8af27032f5e3df30
SHA256

aa79c16193e1697e8148d8465e5d7a95e29578b405e6dde8cf9ce7735fd4b30e
SHA512

59ed8e99e76665ef36c69d4782af3ba46bbdb897fa6a157aa8f6c0a51c400a9df14ff5fea174fe7176a56d91a1fbddad2493a3cc312425e5d384226f1a24a0eb
SSDEEP

24576:mMVC3lPNpSDGaW/xK5IOJgCPRK4EjSV2NP9ArM8I2M:mMA3ljna6K/hcSV2NPKrC2M

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
182e81c716c1b389153a8c21823cfbaa_JaffaCakes118

Files

182e81c716c1b389153a8c21823cfbaa_JaffaCakes118
.dll windows:4 windows x86 arch:x86

bbe112974e39fbd8591db86e0dc0c3d1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wininet

HttpSendRequestA
HttpOpenRequestA
InternetConnectA
InternetOpenA
InternetGetConnectedState
InternetCloseHandle

kernel32

InterlockedDecrement
SetUnhandledExceptionFilter
GetModuleHandleA
GetProcAddress
LoadLibraryA
MapViewOfFile
CreateFileMappingA
UnmapViewOfFile
InterlockedExchange
GetEnvironmentVariableW
WideCharToMultiByte
InterlockedIncrement
GetComputerNameA
FreeLibrary
GetVolumeInformationA
GetDiskFreeSpaceA
DeviceIoControl
GlobalMemoryStatus
GetSystemInfo
GetVersionExA
GetExitCodeThread
DuplicateHandle
GetCurrentThread
GetCurrentProcess
ResumeThread
GetFileSize
SetLastError
IsBadCodePtr
IsBadWritePtr
VirtualProtect
SearchPathA
LoadLibraryW
LoadLibraryExA
LoadLibraryExW
GetEnvironmentStrings
GetEnvironmentStringsW
TerminateProcess
SetErrorMode
SuspendThread
ExitThread
TerminateThread
CreateRemoteThread
GetShortPathNameA
GetFullPathNameA
CreateFileW
GetModuleFileNameW
GetShortPathNameW
GetFullPathNameW
SetFilePointer
GetFileType
CreateFileMappingW
FlushViewOfFile
MapViewOfFileEx
VirtualAlloc
VirtualFree
OpenFileMappingA
OpenFileMappingW
OpenFile
_lcreat
_lopen
_hread
_hwrite
_lread
_lwrite
_llseek
_lclose
FindFirstFileA
FindFirstFileW
FindResourceA
FindResourceW
FindResourceExA
FindResourceExW
FormatMessageA
FormatMessageW
CreateEventA
SetEvent
CreateMailslotA
CreateDirectoryA
SetFileTime
GetSystemTimeAsFileTime
SetEndOfFile
OutputDebugStringA
WriteProcessMemory
ExitProcess
UnhandledExceptionFilter
GetACP
GetCommandLineA
GetVersion
GetProcessHeap
SetProcessWorkingSetSize
GlobalUnlock
GlobalLock
CreateThread
LockResource
GetLocalTime
FileTimeToSystemTime
GetSystemTime
IsBadReadPtr
MultiByteToWideChar
GetTempPathW
GetTempFileNameA
GetTempFileNameW
GetWindowsDirectoryA
CreateProcessA
GetStartupInfoA
SetThreadPriority
SetPriorityClass
GetPrivateProfileIntA
WriteProfileStringA
GetProfileStringA
GetLocaleInfoA
FindClose
FindNextFileA
CompareFileTime
SetFileAttributesA
GetFileAttributesA
GetSystemDirectoryA
ResetEvent
GetMailslotInfo
FreeEnvironmentStringsA
SetHandleCount
HeapReAlloc
HeapCreate
HeapDestroy
HeapSize
GetStdHandle
IsValidCodePage
GetOEMCP
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetCPInfo
HeapAlloc
RaiseException
IsDebuggerPresent
GetUserDefaultLCID
RtlUnwind
LocalFree
InterlockedCompareExchange
HeapFree
lstrlenA
InitializeCriticalSection
Sleep
EnterCriticalSection
LeaveCriticalSection
EnumSystemLocalesA
IsValidLocale
GetConsoleCP
GetConsoleMode
GetLocaleInfoW
SetStdHandle
FlushFileBuffers
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetPrivateProfileStringA
GetCurrentThreadId
OpenMutexA
GetModuleFileNameA
WritePrivateProfileStringA
WriteFile
GetTempPathA
GetEnvironmentVariableA
CreateFileA
ReadFile
DeleteFileA
GetTickCount
SetEnvironmentVariableA
SetEnvironmentVariableW
CreateMutexA
WaitForSingleObject
GetLastError
ReleaseMutex
CloseHandle
GetCurrentProcessId
IsBadStringPtrA
CompareStringA
CompareStringW
DeleteCriticalSection
FreeEnvironmentStringsW
QueryPerformanceCounter
GlobalAlloc

user32

ScreenToClient
SystemParametersInfoA
SetRect
GetClientRect
MapWindowPoints
GetWindowRect
GetDlgItemTextA
DestroyIcon
IsClipboardFormatAvailable
OpenClipboard
GetClipboardData
CloseClipboard
CallWindowProcA
GetWindowLongA
InvalidateRect
GetDlgCtrlID
SetWindowLongA
DefWindowProcA
DefDlgProcA
DrawTextA
CreateWindowExA
RegisterClassA
SetWindowTextA
GetNextDlgTabItem
GetSystemMetrics
CopyRect
SetRectEmpty
GetIconInfo
MessageBeep
GetForegroundWindow
EndDialog
MessageBoxA
GetWindowTextW
ExitWindowsEx
SetForegroundWindow
GetDlgItem
DrawIconEx
GetParent
IsWindowEnabled
GetWindowTextA
GetAsyncKeyState
FindWindowA
EnumWindows
GetClassNameA
SendMessageA
EnumThreadWindows
KillTimer
DialogBoxParamW
DialogBoxParamA
DialogBoxIndirectParamA
CreateDialogParamW
CreateDialogParamA
CreateDialogIndirectParamA
LoadImageW
LoadImageA
LoadStringW
LoadStringA
LoadMenuW
LoadMenuA
LoadIconW
LoadIconA
LoadCursorA
LoadBitmapW
LoadBitmapA
LoadAcceleratorsW
LoadAcceleratorsA
MoveWindow
SetTimer
GetWindow
SetPropA
ShowWindow
EnableWindow
SetWindowPos
UpdateWindow
IsWindow
GetPropA
PeekMessageA
IsDialogMessageA
TranslateMessage
DispatchMessageA
DestroyWindow
LookupIconIdFromDirectory
CreateIconFromResourceEx
WaitForInputIdle
RegisterWindowMessageA
PostMessageA
IsWindowVisible
SetFocus
LoadCursorW

gdi32

GetStockObject
DeleteObject
GetTextMetricsA
SelectObject
CreateCompatibleDC
CreateFontIndirectA
GetObjectA
DeleteDC

comdlg32

GetSaveFileNameA

advapi32

RegEnumKeyA
RegQueryValueA
RegOpenKeyExW
RegQueryValueExW
GetUserNameA
RegCreateKeyA
RegCreateKeyW
RegEnumValueA
RegOpenKeyExA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegCloseKey
RegQueryValueExA
RegSetKeySecurity
RegCreateKeyExA
RegFlushKey
RegDeleteValueA
RegDeleteKeyA
RegSetValueExA
RegCreateKeyExW

shell32

ShellExecuteExA

ole32

CoUninitialize
CoSetProxyBlanket
CoCreateInstance
CoInitializeSecurity
CoInitializeEx
StringFromGUID2
CoCreateGuid
OleUninitialize
OleInitialize

oleaut32

SysStringLen
VariantInit
SysAllocStringByteLen
SysFreeString
SysAllocString
VariantClear

comctl32

ord5
ord17
ord6

Exports

Exports

SetFunctionAddresses

Sections

.text
Size: 936KB - Virtual size: 935KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 128KB - Virtual size: 125KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 60KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bbe112974e39fbd8591db86e0dc0c3d1

Headers

File Characteristics

Imports

wininet

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

comctl32

Exports

Exports

Sections

.text Size: 936KB - Virtual size: 935KB

.rdata Size: 128KB - Virtual size: 125KB

.data Size: 20KB - Virtual size: 91KB

.tls Size: 4KB - Virtual size: 2B

.rsrc Size: 12KB - Virtual size: 9KB

.reloc Size: 60KB - Virtual size: 56KB

.text
Size: 936KB - Virtual size: 935KB

.rdata
Size: 128KB - Virtual size: 125KB

.data
Size: 20KB - Virtual size: 91KB

.tls
Size: 4KB - Virtual size: 2B

.rsrc
Size: 12KB - Virtual size: 9KB

.reloc
Size: 60KB - Virtual size: 56KB