fd9f8c05d121977d0373a14012e81ed0_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

fd9f8c05d121977d0373a14012e81ed0_JaffaCakes118
Size

55KB
MD5

fd9f8c05d121977d0373a14012e81ed0
SHA1

8985cf821277aa985ec411ed0ca7f8c1492af6cb
SHA256

9b2e1dc62930d3db67eadf33c643a6e4ac475fc390d278abcaafaa2a0de5a1e4
SHA512

29226b8760fdbc741c0133c0b4cbcc384a81b3de98fa630a05bd383660fa56a641cc100e87cb4d16df55811fb2b80aed3e76651ac4ba06cee28b58568bb12995
SSDEEP

768:uppquQa9U366EQQOgREBtFFXmpUdqw2f34fevZNq0litzYS7U+:mYuQsc6lQQOgREBtFFX0lf343

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fd9f8c05d121977d0373a14012e81ed0_JaffaCakes118

Files

fd9f8c05d121977d0373a14012e81ed0_JaffaCakes118
.dll windows:4 windows x86 arch:x86

256f8e71c0c50c496b89e88940d1634b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetSystemDirectoryA
GetFileAttributesA
OutputDebugStringA
GetTempPathA
DeleteFileA
lstrcatA
WriteFile
CreateFileA
WinExec
GetLastError
FreeResource
SizeofResource
LockResource
LoadResource
FindResourceA
ExpandEnvironmentStringsA
UnmapViewOfFile
GetTickCount
MapViewOfFile
CreateFileMappingA
GetFileSize
SetFileAttributesA
CopyFileA
GetDriveTypeA
GetLogicalDriveStringsA
TerminateThread
WaitForSingleObject
CreateMutexA
GlobalAddAtomA
OpenMutexA
GlobalFindAtomA
GetWindowsDirectoryA
LoadLibraryA
GetProcAddress
CloseHandle
Sleep
ExitProcess
DeviceIoControl
CreateThread

user32

FindWindowA
GetWindowLongA
ShowWindow

advapi32

OpenServiceA
CloseServiceHandle
OpenSCManagerA
StartServiceA
CreateServiceA
DeleteService
ControlService

shell32

ShellExecuteA

ws2_32

connect
htons
closesocket
socket
inet_ntoa
inet_addr
gethostbyname
gethostname
WSAStartup
send

mpr

WNetAddConnection2A

rpcrt4

NdrPointerUnmarshall
NdrConformantStringUnmarshall
NdrAllocate
NdrConformantArrayBufferSize
I_RpcGetBuffer
NdrConformantArrayMarshall
NdrClientInitializeNew
NdrServerInitializeNew
RpcRaiseException
NdrPointerBufferSize
NdrConformantStringBufferSize
NdrPointerMarshall
NdrConformantStringMarshall
NdrConvert
NdrConformantArrayUnmarshall
NdrNsGetBuffer
NdrNsSendReceive
NdrFreeBuffer
RpcBindingFromStringBindingA
RpcStringFreeA
RpcBindingFree
RpcStringBindingComposeA

msvcrt

fwrite
_adjust_fdiv
_initterm
_onexit
__dllonexit
??2@YAPAXI@Z
??3@YAXPAX@Z
_stricmp
atoi
fread
fseek
ftell
strcmp
strchr
strrchr
strlen
memset
sprintf
strcpy
_except_handler3
memcpy
memcmp
printf
malloc
free
strcat
fclose
fopen

msvcp60

?open@?$basic_filebuf@DU?$char_traits@D@std@@@std@@QAEPAV12@PBDH@Z
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?_Freeze@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
??1?$basic_ifstream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?close@?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
??_D?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?getline@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@1@AAV21@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
??1_Winit@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ

Exports

Exports

Scan

Sections

.data
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

256f8e71c0c50c496b89e88940d1634b

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ws2_32

mpr

rpcrt4

msvcrt

msvcp60

Exports

Exports

Sections

.data Size: 33KB - Virtual size: 32KB

.rsrc Size: 17KB - Virtual size: 17KB

.reloc Size: 3KB - Virtual size: 3KB

.data
Size: 33KB - Virtual size: 32KB

.rsrc
Size: 17KB - Virtual size: 17KB

.reloc
Size: 3KB - Virtual size: 3KB