Static task
static1
Behavioral task
behavioral1
Sample
63c29ea90ff8d33d55756d2c2c5705b76c4de692a55a275225e034a0943f1557.dll
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
63c29ea90ff8d33d55756d2c2c5705b76c4de692a55a275225e034a0943f1557.dll
Resource
win10v2004-20240419-en
General
-
Target
2357121d88c02365925c7089cc0212db_JaffaCakes118
-
Size
24KB
-
MD5
2357121d88c02365925c7089cc0212db
-
SHA1
88a6741e26f271d1050677868a07faa74da204ea
-
SHA256
eda31c062cbd2ad7235a85b468e5bbb2c3a7a12554f117b832976ec2e67ed0b9
-
SHA512
403214b17f24675aa122beba6c810f055574f3d32a06fffe236fd6600ecfd955ddfc0e5904b3aed8323893830359aabd55eb0dc1d20ab688e811861df57305ee
-
SSDEEP
384:RHwby5KqYPJMFCcvEZqcHn0BOMFpPkhRf0VqZIXEWOzMpvV7NA0k:Zwby5OJM4Q6UbRiR8X7Oozm0k
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Flags PE files that carry no Authenticode signature. On its own this is a weak indicator, since much legitimate software is also unsigned.
resource unpack001/63c29ea90ff8d33d55756d2c2c5705b76c4de692a55a275225e034a0943f1557
Files
-
2357121d88c02365925c7089cc0212db_JaffaCakes118.zip
Password: infected
-
63c29ea90ff8d33d55756d2c2c5705b76c4de692a55a275225e034a0943f1557.dll windows:4 windows x86 arch:x86
9353082f7192af006d4529d00fe97230
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
ws2_32
connect
send
socket
select
recv
closesocket
ntohs
htons
gethostbyname
inet_addr
sendto
WSAStartup
user32
CharUpperBuffA
wvsprintfA
CharLowerA
CharUpperA
wsprintfA
kernel32
FindClose
GlobalAlloc
GetTempPathA
GetTempFileNameA
DeleteFileA
SetFilePointer
GetCurrentThread
SetThreadPriority
WriteFile
lstrcpyA
CloseHandle
ExitThread
CreateFileA
FileTimeToSystemTime
GetFileTime
lstrcatA
GetSystemTime
Sleep
ReadFile
CreateThread
lstrlenA
GetSystemDirectoryA
SetErrorMode
GetTickCount
GetTimeZoneInformation
FileTimeToLocalFileTime
GetLocalTime
WideCharToMultiByte
GetProcAddress
LoadLibraryA
GetModuleHandleA
GetCurrentProcess
Module32First
TerminateProcess
OpenProcess
Process32Next
Process32First
CreateToolhelp32Snapshot
GetComputerNameA
GetLocaleInfoA
GetVersionExA
HeapFree
GetProcessHeap
HeapAlloc
lstrcpynA
lstrcmpA
lstrcmpiA
GlobalFree
InterlockedDecrement
InterlockedIncrement
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetFileSize
GetDriveTypeA
FindNextFileA
FindFirstFileA
GetEnvironmentVariableA
GetWindowsDirectoryA
wininet
InternetReadFile
InternetOpenUrlA
InternetOpenA
InternetCloseHandle
advapi32
RegCloseKey
RegEnumKeyA
RegOpenKeyExA
RegQueryValueExA
LookupPrivilegeValueA
OpenProcessToken
AdjustTokenPrivileges
msvcrt
isdigit
toupper
isxdigit
strcmp
_snprintf
memcpy
tolower
fscanf
strstr
sprintf
rand
srand
remove
isalnum
isspace
fgetc
fputc
_fcloseall
memset
strlen
fclose
fprintf
fopen
strcat
strcpy
shell32
ShellExecuteA
shlwapi
StrToIntA
Sections
.text Size: 54KB - Virtual size: 53KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ