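?getAuthServer@@YAPAVAuthServer@@XZ (MSVC-decorated C++ name; undecorated: class AuthServer * __cdecl getAuthServer(void). Presumably the DLL's exported function, since the Exports section below lists no names.)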
Static task
static1
Behavioral task
behavioral1
Sample
668e1ace1af870632abfe513104e40fb_JaffaCakes118.dll
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
668e1ace1af870632abfe513104e40fb_JaffaCakes118.dll
Resource
win10v2004-20240508-en
General
-
Target
668e1ace1af870632abfe513104e40fb_JaffaCakes118
-
Size
148KB
-
MD5
668e1ace1af870632abfe513104e40fb
-
SHA1
36f64a2061b42195375f2ee4c5d8d4388e236c97
-
SHA256
b6d1857ce7e315b4306d784e3d23e9c4646f8aac2575487a81d96c3f3249d66a
-
SHA512
0a2426a3b2c0cb1cf62d8cf58fcd796842a48b2e643ae26323cc205bc8557e76488c6f0ac1b47e33afd757d57266b54a0eacc3ebc3ece0e5486093a66faacc0f
-
SSDEEP
3072:EbbJosY3uxoKC+ppuq96U0MsrTQndNEn8JE:AJo13uOb+XX96Un2TQndNE
Malware Config
Signatures
-
Unsigned PE 1 IoCs
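Checks for missing Authenticode signature. The check matched this sample: no Authenticode signature was found on the file. On its own this is a weak indicator, since many legitimate DLLs are also unsigned; weigh it together with the import table and the behavioral task results.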
resource 668e1ace1af870632abfe513104e40fb_JaffaCakes118
Files
-
668e1ace1af870632abfe513104e40fb_JaffaCakes118.dll windows:4 windows x86 arch:x86
6c16932bb6a4a2b928dd87b9cdec37b1
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
GetPrivateProfileIntA
CreateDirectoryA
WaitForSingleObject
CreateEventA
CloseHandle
GetPrivateProfileStringA
Sleep
CreateThread
OutputDebugStringA
GetLastError
WritePrivateProfileStringA
SetEvent
GetTickCount
GetEnvironmentVariableA
GetProcAddress
InterlockedCompareExchange
InterlockedExchange
TlsFree
GetSystemInfo
TlsAlloc
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
GetFileSize
FlushFileBuffers
SetEndOfFile
SetFilePointer
ReadFile
WriteFile
LoadLibraryA
FreeLibrary
CreateFileA
GlobalFree
GlobalAlloc
SetLastError
LoadLibraryExA
GetVolumeInformationA
shell32
SHGetFolderPathA
ws2_32
recv
__WSAFDIsSet
shutdown
ioctlsocket
getsockname
gethostbyname
ntohl
inet_addr
WSAGetLastError
closesocket
socket
htons
connect
send
WSACleanup
WSAStartup
select
msvcp80
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?_Xlen@_String_base@std@@SAXXZ
?_Xran@_String_base@std@@SAXXZ
libmmd
cos
sin
tan
msvcr80
getenv
sscanf
strncpy
strncat
calloc
free
_time64
malloc
memmove
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABV01@@Z
_CxxThrowException
memcpy_s
memmove_s
_invalid_parameter
??0exception@std@@QAE@XZ
??0exception@std@@QAE@ABQBD@Z
rand
_vsnprintf
__dllonexit
_onexit
_malloc_crt
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
_except_handler3
_local_unwind2
??1type_info@@UAE@XZ
?terminate@@YAXXZ
__clean_type_info_names_internal
??3@YAXPAX@Z
sprintf
srand
__CxxFrameHandler
_localtime64
??2@YAPAXI@Z
memset
memcpy
_purecall
Exports
Exports
Sections
.text Size: 80KB - Virtual size: 78KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.text1 Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 24KB - Virtual size: 21KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data1 Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
_RDATA Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1000B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 16KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ