955ab9c110966ff061609315e26b9c2d_JaffaCakes118

General

Target

955ab9c110966ff061609315e26b9c2d_JaffaCakes118
Size

173KB
MD5

955ab9c110966ff061609315e26b9c2d
SHA1

cc7704ecba0bc255ad4e30e0ba7eff9ab51860d2
SHA256

8212fa6de11fa5aca1442f0e45600eaccbd99e78ef4cd49e8ff56a14d85ea63b
SHA512

2140f0e73d559fffe69c7eb0dd80ea9d18ffb04af4db434d28c1d3fdf5c69648964f52460212dfee626551534c8d264bed5c159e0cc2945647a0f127cae8aef1
SSDEEP

3072:ihfHE/TM9s9n9vdpiZdNlD1vJwebwp0g51vcnSjX+:0HytdIHDNJUgaX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
955ab9c110966ff061609315e26b9c2d_JaffaCakes118

Files

955ab9c110966ff061609315e26b9c2d_JaffaCakes118
.dll windows:5 windows x86 arch:x86

f9e0c5f18dcc1a8f87919fa48a3d00bf

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateThread
GetLastError
WaitForSingleObject
CloseHandle
CreateFileW
FlushFileBuffers
WriteConsoleW
SetStdHandle
SetFilePointerEx
GetConsoleMode
GetConsoleCP
OutputDebugStringW
LoadLibraryExW
HeapReAlloc
FreeEnvironmentStringsW
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
MultiByteToWideChar
GetStringTypeW
HeapFree
HeapAlloc
RaiseException
RtlUnwind
GetSystemTimeAsFileTime
GetCommandLineA
GetCurrentThreadId
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
InitializeCriticalSectionAndSpinCount
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
GetProcAddress
IsProcessorFeaturePresent
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
ExitProcess
GetModuleHandleExW
HeapSize
GetProcessHeap
GetStdHandle
WriteFile
GetModuleFileNameW
IsDebuggerPresent
IsValidCodePage
GetACP
GetOEMCP
GetFileType
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW

ws2_32

ntohs
socket
setsockopt
sendto
select
recvfrom
ntohl
inet_addr
htons
htonl
getsockname
connect
closesocket
bind

Exports

Exports

DeinitServerExtension
GetExtensionName
InitServerExtension
_ReflectiveLoader@0

Sections

.text
Size: 119KB - Virtual size: 119KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f9e0c5f18dcc1a8f87919fa48a3d00bf

Headers

File Characteristics

Imports

kernel32

ws2_32

Exports

Exports

Sections

.text Size: 119KB - Virtual size: 119KB

.rdata Size: 37KB - Virtual size: 36KB

.data Size: 8KB - Virtual size: 16KB

.reloc Size: 7KB - Virtual size: 7KB

.text
Size: 119KB - Virtual size: 119KB

.rdata
Size: 37KB - Virtual size: 36KB

.data
Size: 8KB - Virtual size: 16KB

.reloc
Size: 7KB - Virtual size: 7KB