f7966ab41ad74bc7be64723cbcb576b9_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f7966ab41ad74bc7be64723cbcb576b9_JaffaCakes118
Size

26KB
MD5

f7966ab41ad74bc7be64723cbcb576b9
SHA1

668896f53222ea512b2211d51cfcd2459707dbb1
SHA256

11ddffe6b2d1bca6486e8ccb05860f79c3085a716fe3d94d5c21a69facc0ff8c
SHA512

ae1524c20dc55e12b9998517ac02598bd848d1276654a4175b8fc5a2381e157035154740379f8d0f5b1c7b5135c029ebf13e358d57b65996609223bcc17acd89
SSDEEP

384:Nyi7lJvyPxCTGslTQyXRov+1xfbwh5XEnOFpTXZJG03yvXs8YTa/nY5RsASbuOxw:TBQPYGj1vqlsh6nS9l/kgiASzaw98

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f7966ab41ad74bc7be64723cbcb576b9_JaffaCakes118

Files

f7966ab41ad74bc7be64723cbcb576b9_JaffaCakes118
.dll windows:6 windows x64 arch:x64

2d1abf504c8da65873733ac52f5affab

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

ws2_32

ntohs
recvfrom
sendto
bind
select
setsockopt
ntohl
htonl
htons
inet_ntop
gethostbyname
socket
WSASocketW
WSAGetLastError
inet_pton
inet_ntoa
WSAIoctl
closesocket
WSAStartup
shutdown

shlwapi

StrStrIA

kernel32

CancelIo
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetLastError
CreateProcessA
lstrcmpiA
ExitProcess
GetNativeSystemInfo
CloseHandle
lstrcpyA
GetModuleHandleA
ReleaseMutex
FreeLibraryAndExitThread
WaitForSingleObject
CreateMutexA
lstrlenA
CreateTimerQueue
CreateIoCompletionPort
HeapFree
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
Sleep
HeapAlloc
lstrcpynA
GetProcessHeap
LoadLibraryA
GetProcAddress
IsProcessorFeaturePresent
CreateTimerQueueTimer
GetQueuedCompletionStatus
ExitThread
PostQueuedCompletionStatus
GlobalAlloc
GlobalFree
CreateThread

user32

wvsprintfA

Exports

Exports

Control
FreeBuffer
Release
Start

Sections

.text
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 768B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2d1abf504c8da65873733ac52f5affab

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

shlwapi

kernel32

user32

Exports

Exports

Sections

.text Size: 19KB - Virtual size: 18KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 512B - Virtual size: 2KB

.pdata Size: 1024B - Virtual size: 768B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 512B - Virtual size: 24B

.text
Size: 19KB - Virtual size: 18KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 512B - Virtual size: 2KB

.pdata
Size: 1024B - Virtual size: 768B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 512B - Virtual size: 24B