f8435e3d076facbb7e4f2c4777f3a319_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f8435e3d076facbb7e4f2c4777f3a319_JaffaCakes118
Size

48KB
MD5

f8435e3d076facbb7e4f2c4777f3a319
SHA1

56afb9dd3d5e66ad8d286c437172a83878c7b99a
SHA256

8cfee6c8dc42b9fca508dae349fd7e6f5e2b52668061389b6698616b06d04c03
SHA512

7eeafa356e36ca2617f6a0f4cb9469668b1ec70ee876e2281b0110a556f6cd0652a060ed4c00d65ae05f3bf0e166454129b8aee64d619d2c8d0bbdfd1395ef15
SSDEEP

768:6qCuWSh+Z8IE8+AUKR8NafHGSjnyNxvlRjsz:6qCcId+AUKR8UGcnyNxvbs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f8435e3d076facbb7e4f2c4777f3a319_JaffaCakes118

Files

f8435e3d076facbb7e4f2c4777f3a319_JaffaCakes118
.dll windows:4 windows x86 arch:x86

4c81615e59109e5a0a5dde1a5d8e4801

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FreeLibrary
WinExec
LoadLibraryA
lstrcpyA
lstrcatA
ExitThread
TerminateProcess
Sleep
CreateProcessA
GetCurrentProcessId
OutputDebugStringA
CloseHandle
WaitForSingleObject
GetLastError
CreateMutexA
GetModuleFileNameA
GetCurrentThreadId
DisableThreadLibraryCalls
GetTickCount
GetProcAddress
GetSystemInfo
CreateThread
GetModuleHandleA

user32

wsprintfA
GetMessageA
PostThreadMessageA
GetInputState
RegisterClassA
LoadCursorA
LoadIconA

gdi32

GetStockObject

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyA
RegOpenKeyExA

mfc42

ord815
ord823
ord825
ord561

msvcrt

memcpy
malloc
rand
memset
printf
fprintf
_iob
_except_handler3
_local_unwind2
strncpy
strlen
strcat
strcpy
_CxxThrowException
_ftol
strstr
__dllonexit
_onexit
sprintf
_initterm
_adjust_fdiv
__CxxFrameHandler
free
??1type_info@@UAE@XZ

msvcp60

??0_Winit@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ

iphlpapi

GetIfTable

ws2_32

WSASocketA
gethostbyname
inet_addr
closesocket
connect
htons
socket
WSACleanup
htonl
setsockopt
WSAGetLastError
sendto
WSAStartup
inet_ntoa
gethostname
send
WSAIoctl
shutdown
recv
__WSAFDIsSet
select

Exports

Exports

SuiFeng

Sections

.text
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4c81615e59109e5a0a5dde1a5d8e4801

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

mfc42

msvcrt

msvcp60

iphlpapi

ws2_32

Exports

Exports

Sections

.text Size: 24KB - Virtual size: 20KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 4KB - Virtual size: 1KB

.rsrc Size: 4KB - Virtual size: 160B

.reloc Size: 4KB - Virtual size: 1KB

.text
Size: 24KB - Virtual size: 20KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 4KB - Virtual size: 160B

.reloc
Size: 4KB - Virtual size: 1KB