JaffaCakes118_6a4227e2a6a2b63fb06d453a85b93ed0

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_6a4227e2a6a2b63fb06d453a85b93ed0
Size

1019KB
MD5

6a4227e2a6a2b63fb06d453a85b93ed0
SHA1

4c019e0982c566c3cb059d96ae3827837bc85615
SHA256

7ccede54bad868c02cd61460c92fbf9292efda93226d73fc76d44bb124d86c97
SHA512

63cb6769e1c8b1874b41916642ed2c52604acbf562410f21a81c9cd31f6016ee562854450aa71f0905ddb7dcc47729beb193c4030f2ffaf0c48b639045c5e9e8
SSDEEP

24576:jJ0P97FW0NnWpUBBgXRKQ7O7DVUY1V/IMHfyU9v6:V0PhFVNnWpUBB4i2o716

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_6a4227e2a6a2b63fb06d453a85b93ed0

Files

JaffaCakes118_6a4227e2a6a2b63fb06d453a85b93ed0
.dll windows:4 windows x86 arch:x86

39525b45c40c6c59481ed9e5dc908b2d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

dbghelp.pdb

Imports

kernel32

SetFilePointer
CreateFileW
DeleteFileW
CreateDirectoryW
GetModuleFileNameW
MultiByteToWideChar
WideCharToMultiByte
GetCurrentProcess
UnmapViewOfFile
GetFullPathNameW
GetFileAttributesW
FindClose
CreateDirectoryA
VirtualProtect
VirtualAlloc
DuplicateHandle
MapViewOfFile
CreateFileMappingA
GetModuleHandleA
OpenProcess
GetCurrentProcessId
VirtualFree
OutputDebugStringA
WriteFile
OutputDebugStringW
ReadProcessMemory
SetErrorMode
GetFileAttributesA
GetSystemDirectoryW
GetProcessHeap
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetEnvironmentVariableW
IsDBCSLeadByte
HeapFree
HeapAlloc
HeapReAlloc
GetVersionExA
InitializeCriticalSection
FlushViewOfFile
MapViewOfFileEx
CreateFileMappingW
GetFileType
DeviceIoControl
InitializeCriticalSectionAndSpinCount
CopyFileA
SetFileAttributesA
CopyFileW
SetFileAttributesW
LCMapStringA
LCMapStringW
LocalFree
InterlockedIncrement
InterlockedDecrement
ExpandEnvironmentStringsW
ExpandEnvironmentStringsA
DeleteFileA
GetModuleFileNameA
FormatMessageW
FormatMessageA
GetThreadSelectorEntry
CreateThread
TerminateThread
LoadLibraryW
VirtualQueryEx
GetPriorityClass
GetThreadPriority
HeapCreate
DeleteCriticalSection
FreeLibrary
HeapDestroy
TlsFree
TlsAlloc
GetTickCount
TlsGetValue
TlsSetValue
GetLastError
CreateFileA
GetFileSize
ReadFile
CloseHandle
EnterCriticalSection
LeaveCriticalSection
FindNextFileW
LocalAlloc
SetLastError
FindFirstFileW
GetProcAddress
LoadLibraryA
GetSystemInfo
GetVersionExW
SuspendThread
ResumeThread
GetThreadContext
GetThreadTimes

msvcrt

__dllonexit
_adjust_fdiv
_amsg_exit
_initterm
_XcptFilter
realloc
iswprint
_vsnwprintf
memmove
iswspace
calloc
_itoa
towlower
tolower
_wcslwr
time
_wctime
strncmp
_ltoa
_wcsnicmp
_stricmp
_purecall
isspace
ctime
malloc
_strlwr
free
strstr
_except_handler3
memcpy
_wcsicmp
_errno
_ismbblead
mbtowc
__mb_cur_max
isleadbyte
_snprintf
wctomb
_lseek
__badioinfo
__pioinfo
_onexit
_isatty
_iob
_fileno
atol
wcsncpy
sprintf
__CxxFrameHandler
fclose
_winminor
_winmajor
_osver
_wsplitpath
__unDName
isdigit
strncpy
_CxxThrowException
bsearch
_snwprintf
fread
fseek
_wfopen
fopen
wcstol
strchr
wcsrchr
_wmakepath
_fullpath
_wfullpath
_mbsicmp
_access
_splitpath
_wcsdup
_fsopen
_wfsopen
_get_osfhandle
_read
_lseeki64
_chsize
_close
_open_osfhandle
_wsopen
_sopen
wprintf
ftell
_wgetenv
_memicmp
_mbscmp
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_write
qsort
wcschr
wcsstr
wcsncmp
iswxdigit
memset
??3@YAXPAX@Z
??2@YAPAXI@Z

advapi32

RegOpenKeyExA
RegQueryValueExW
RegQueryValueExA
RegOpenKeyExW
RegQueryInfoKeyW
RegEnumKeyExW
RegCloseKey
CryptReleaseContext
CryptGenRandom
CryptAcquireContextA

rpcrt4

UuidCreate

Exports

Exports

DbgHelpCreateUserDump
DbgHelpCreateUserDumpW
EnumDirTree
EnumDirTreeW
EnumerateLoadedModules
EnumerateLoadedModules64
EnumerateLoadedModulesW64
ExtensionApiVersion
FindDebugInfoFile
FindDebugInfoFileEx
FindExecutableImage
FindExecutableImageEx
FindExecutableImageExW
FindFileInPath
FindFileInSearchPath
GetTimestampForLoadedLibrary
ImageDirectoryEntryToData
ImageDirectoryEntryToDataEx
ImageNtHeader
ImageRvaToSection
ImageRvaToVa
ImagehlpApiVersion
ImagehlpApiVersionEx
MakeSureDirectoryPathExists
MapDebugInformation
MiniDumpReadDumpStream
MiniDumpWriteDump
SearchTreeForFile
SearchTreeForFileW
StackWalk
StackWalk64
SymAddSymbol
SymAddSymbolW
SymCleanup
SymDeleteSymbol
SymDeleteSymbolW
SymEnumLines
SymEnumLinesW
SymEnumProcesses
SymEnumSourceFiles
SymEnumSourceFilesW
SymEnumSourceLines
SymEnumSourceLinesW
SymEnumSym
SymEnumSymbols
SymEnumSymbolsForAddr
SymEnumSymbolsForAddrW
SymEnumSymbolsW
SymEnumTypes
SymEnumTypesW
SymEnumerateModules
SymEnumerateModules64
SymEnumerateModulesW64
SymEnumerateSymbols
SymEnumerateSymbols64
SymEnumerateSymbolsW
SymEnumerateSymbolsW64
SymFindFileInPath
SymFindFileInPathW
SymFromAddr
SymFromAddrW
SymFromIndex
SymFromIndexW
SymFromName
SymFromNameW
SymFromToken
SymFromTokenW
SymFunctionTableAccess
SymFunctionTableAccess64
SymGetFileLineOffsets64
SymGetHomeDirectory
SymGetHomeDirectoryW
SymGetLineFromAddr
SymGetLineFromAddr64
SymGetLineFromAddrW64
SymGetLineFromName
SymGetLineFromName64
SymGetLineFromNameW64
SymGetLineNext
SymGetLineNext64
SymGetLineNextW64
SymGetLinePrev
SymGetLinePrev64
SymGetLinePrevW64
SymGetModuleBase
SymGetModuleBase64
SymGetModuleInfo
SymGetModuleInfo64
SymGetModuleInfoW
SymGetModuleInfoW64
SymGetOmapBlockBase
SymGetOptions
SymGetScope
SymGetScopeW
SymGetSearchPath
SymGetSearchPathW
SymGetSourceFile
SymGetSourceFileFromToken
SymGetSourceFileFromTokenW
SymGetSourceFileToken
SymGetSourceFileTokenW
SymGetSourceVarFromToken
SymGetSourceVarFromTokenW
SymGetSymFromAddr
SymGetSymFromAddr64
SymGetSymFromName
SymGetSymFromName64
SymGetSymNext
SymGetSymNext64
SymGetSymPrev
SymGetSymPrev64
SymGetSymbolFile
SymGetSymbolFileW
SymGetTypeFromName
SymGetTypeFromNameW
SymGetTypeInfo
SymGetTypeInfoEx
SymInitialize
SymInitializeW
SymLoadModule
SymLoadModule64
SymLoadModuleEx
SymLoadModuleExW
SymMatchFileName
SymMatchFileNameW
SymMatchString
SymMatchStringA
SymMatchStringW
SymNext
SymNextW
SymPrev
SymPrevW
SymRegisterCallback
SymRegisterCallback64
SymRegisterCallbackW64
SymRegisterFunctionEntryCallback
SymRegisterFunctionEntryCallback64
SymSearch
SymSearchW
SymSetContext
SymSetHomeDirectory
SymSetOptions
SymSetParentWindow
SymSetSearchPath
SymSetSearchPathW
SymSrvDeltaName
SymSrvDeltaNameW
SymSrvGetFileIndexString
SymSrvGetFileIndexStringW
SymSrvGetFileIndexes
SymSrvGetFileIndexesW
SymSrvGetSupplement
SymSrvGetSupplementW
SymSrvIsStore
SymSrvIsStoreW
SymSrvStoreFile
SymSrvStoreFileW
SymSrvStoreSupplement
SymSrvStoreSupplementW
SymUnDName
SymUnDName64
SymUnloadModule
SymUnloadModule64
UnDecorateSymbolName
UnDecorateSymbolNameW
UnmapDebugInformation
WinDbgExtensionDllInit
block
dbghelp
dh
fptr
homedir
lmi
lminfo
omap
srcfiles
stack_force_ebp
stackdbg
sym
symsrv
vc7fpo

Sections

.text
Size: 890KB - Virtual size: 890KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 54KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rmnet
Size: 56KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

39525b45c40c6c59481ed9e5dc908b2d

Headers

File Characteristics

PDB Paths

Imports

kernel32

msvcrt

advapi32

rpcrt4

Exports

Exports

Sections

.text Size: 890KB - Virtual size: 890KB

.data Size: 16KB - Virtual size: 109KB

.rsrc Size: 1024B - Virtual size: 1000B

.reloc Size: 54KB - Virtual size: 53KB

.rmnet Size: 56KB - Virtual size: 60KB

.text
Size: 890KB - Virtual size: 890KB

.data
Size: 16KB - Virtual size: 109KB

.rsrc
Size: 1024B - Virtual size: 1000B

.reloc
Size: 54KB - Virtual size: 53KB

.rmnet
Size: 56KB - Virtual size: 60KB