ws2_32.pdb
Static task
static1
Behavioral task
behavioral1
Sample
f8eadf3c00b79ae9c88a2ae7ac0a59d1_JaffaCakes118.dll
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
f8eadf3c00b79ae9c88a2ae7ac0a59d1_JaffaCakes118.dll
Resource
win10v2004-20240412-en
General
Target: f8eadf3c00b79ae9c88a2ae7ac0a59d1_JaffaCakes118
Size: 85KB
MD5: f8eadf3c00b79ae9c88a2ae7ac0a59d1
SHA1: 44cf1c408bc4330f6f89543b3ab519e1f1d367e3
SHA256: b2cdb44caf9d3cf4a4b6e48f37f08e3b7f60cd799f914e2aecd8d061cd900563
SHA512: 3495811c533a4c684c9475df2a1b6e97a3b3e4c29aab0b375f8e79c9b80a47db67643f1769702abe8e8dcf18bccb8c8ec62264edaef5e1e9f66be0d35e8ddc02
SSDEEP: 1536:16nR/wgAu3gNUTma6faddO1cihhnhvqUIatL0UThhEtRO+:g5wrIma6fadM+ihhhHhhEtRO+
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource f8eadf3c00b79ae9c88a2ae7ac0a59d1_JaffaCakes118
Files
f8eadf3c00b79ae9c88a2ae7ac0a59d1_JaffaCakes118.dll windows:5 windows x86 arch:x86
d03783c632f570c5aced9bd19f34ae0b
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
msvcrt
__isascii
isspace
_except_handler3
sprintf
_adjust_fdiv
malloc
_initterm
free
_stricmp
fclose
fgets
atoi
strchr
fopen
wcscpy
strtoul
wcscmp
wcslen
wcschr
ntdll
RtlIpv4StringToAddressW
RtlIpv6StringToAddressExW
RtlIpv4StringToAddressA
ws2help
WahCompleteRequest
WahQueueUserApc
WahEnableNonIFSHandleSupport
WahDisableNonIFSHandleSupport
WahCreateSocketHandle
WahNotifyAllProcesses
WahCreateNotificationHandle
WahWaitForNotification
WahOpenCurrentThread
WahCloseThread
WahInsertHandleContext
WahRemoveHandleContext
WahDestroyHandleContextTable
WahCreateHandleContextTable
WahEnumerateHandleContexts
WahCloseApcHelper
WahCloseHandleHelper
WahCloseNotificationHandleHelper
WahOpenNotificationHandleHelper
WahOpenHandleHelper
WahOpenApcHelper
WahCloseSocketHandle
WahReferenceContextByHandle
advapi32
RegNotifyChangeKeyValue
RegDeleteKeyA
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegEnumKeyExA
kernel32
GetTickCount
QueryPerformanceCounter
lstrcmpA
HeapReAlloc
HeapFree
HeapAlloc
InterlockedCompareExchange
IsBadWritePtr
GetEnvironmentVariableA
GetComputerNameA
GetVersionExA
GetSystemDirectoryA
GetWindowsDirectoryA
WaitForMultipleObjectsEx
ResetEvent
IsBadReadPtr
TlsSetValue
GetHandleInformation
ExpandEnvironmentStringsA
InterlockedExchange
GetCurrentThreadId
TlsAlloc
GetSystemInfo
HeapCreate
GetProcessHeap
HeapDestroy
TlsFree
lstrlenA
lstrcpyA
IsBadCodePtr
GetProcAddress
CreateEventA
GetModuleFileNameA
LoadLibraryA
CreateThread
FreeLibrary
WaitForSingleObject
CloseHandle
FreeLibraryAndExitThread
EnterCriticalSection
SetEvent
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SwitchToThread
SetLastError
DelayLoadFailureHook
TlsGetValue
InterlockedDecrement
GetLastError
WideCharToMultiByte
MultiByteToWideChar
InitializeCriticalSection
DeleteCriticalSection
InterlockedIncrement
LeaveCriticalSection
Exports
FreeAddrInfoW
GetAddrInfoW
GetNameInfoW
WEP
WPUCompleteOverlappedRequest
WSAAccept
WSAAddressToStringA
WSAAddressToStringW
WSAAsyncGetHostByAddr
WSAAsyncGetHostByName
WSAAsyncGetProtoByName
WSAAsyncGetProtoByNumber
WSAAsyncGetServByName
WSAAsyncGetServByPort
WSAAsyncSelect
WSACancelAsyncRequest
WSACancelBlockingCall
WSACleanup
WSACloseEvent
WSAConnect
WSACreateEvent
WSADuplicateSocketA
WSADuplicateSocketW
WSAEnumNameSpaceProvidersA
WSAEnumNameSpaceProvidersW
WSAEnumNetworkEvents
WSAEnumProtocolsA
WSAEnumProtocolsW
WSAEventSelect
WSAGetLastError
WSAGetOverlappedResult
WSAGetQOSByName
WSAGetServiceClassInfoA
WSAGetServiceClassInfoW
WSAGetServiceClassNameByClassIdA
WSAGetServiceClassNameByClassIdW
WSAHtonl
WSAHtons
WSAInstallServiceClassA
WSAInstallServiceClassW
WSAIoctl
WSAIsBlocking
WSAJoinLeaf
WSALookupServiceBeginA
WSALookupServiceBeginW
WSALookupServiceEnd
WSALookupServiceNextA
WSALookupServiceNextW
WSANSPIoctl
WSANtohl
WSANtohs
WSAProviderConfigChange
WSARecv
WSARecvDisconnect
WSARecvFrom
WSARemoveServiceClass
WSAResetEvent
WSASend
WSASendDisconnect
WSASendTo
WSASetBlockingHook
WSASetEvent
WSASetLastError
WSASetServiceA
WSASetServiceW
WSASocketA
WSASocketW
WSAStartup
WSAStringToAddressA
WSAStringToAddressW
WSAUnhookBlockingHook
WSAWaitForMultipleEvents
WSApSetPostRoutine
WSCDeinstallProvider
WSCEnableNSProvider
WSCEnumProtocols
WSCGetProviderPath
WSCInstallNameSpace
WSCInstallProvider
WSCUnInstallNameSpace
WSCUpdateProvider
WSCWriteNameSpaceOrder
WSCWriteProviderOrder
__WSAFDIsSet
accept
bind
closesocket
connect
freeaddrinfo
getaddrinfo
gethostbyaddr
gethostbyname
gethostname
getnameinfo
getpeername
getprotobyname
getprotobynumber
getservbyname
getservbyport
getsockname
getsockopt
htonl
htons
inet_addr
inet_ntoa
ioctlsocket
listen
ntohl
ntohs
recv
recvfrom
select
send
sendto
setsockopt
shutdown
socket
Sections
.text Size: 72KB - Virtual size: 72KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE