05abe17b11f14e7d06b8f5f47cb7d159_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

05abe17b11f14e7d06b8f5f47cb7d159_JaffaCakes118
Size

19KB
MD5

05abe17b11f14e7d06b8f5f47cb7d159
SHA1

38ecfb32133a425a55d4673c74c6402768db9b07
SHA256

86ad78389bc0cf1a50bbe820133870f4342e1f75af6d1de64efec5e5be179929
SHA512

bed8411ab82bb16b912637a74bc07415631ed412e0d80dbb60f0b16e2350b3a2615c2dba532feaf09b67c367f546826997c5eed1e9cc55856855dc4f0d0a1546
SSDEEP

384:3c/tAAm2QFFMjJ9MJn2XVcU0HHqGlJ6RfjlxHw3rPLW4XGdWr:3c/w6XuBr6pB5w3rPVGQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
05abe17b11f14e7d06b8f5f47cb7d159_JaffaCakes118

Files

05abe17b11f14e7d06b8f5f47cb7d159_JaffaCakes118
.dll windows:4 windows x86 arch:x86

0169d8a8faf422e5201bfe2c9e18ed50

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WaitForSingleObject
ReleaseMutex
SetEvent
GetFileTime
CreateFileA
SetFileTime
WriteFile
UnmapViewOfFile
SetFileAttributesA
DeleteFileA
MoveFileExA
GetTempFileNameA
GetTempPathA
CloseHandle
GetLastError
CreateMutexA
OpenEventA
CreateEventA
MapViewOfFile
OpenFileMappingA
CreateFileMappingA
FreeLibrary
LoadLibraryA
GetSystemDirectoryA
WaitForMultipleObjects
GetModuleFileNameA
GetComputerNameA
GetVersionExA
Sleep
GetModuleHandleA
GetProcAddress
GetCurrentProcess
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
WriteProcessMemory
VirtualProtectEx
ReadProcessMemory
InitializeCriticalSection

user32

ExitWindowsEx

advapi32

OpenProcessToken
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegDeleteValueA
RegCloseKey
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
LookupPrivilegeValueA
AdjustTokenPrivileges

msvcrt

_stricmp
_strnicmp
_purecall
_beginthreadex
malloc
free
strncpy
__CxxFrameHandler
__dllonexit
_onexit
_initterm
_adjust_fdiv

shlwapi

PathFileExistsA
PathFindFileNameA

ws2_32

gethostbyname
send
recv
htons
closesocket
socket
WSAStartup
WSACleanup
connect

Exports

Exports

InitHelperDll

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0169d8a8faf422e5201bfe2c9e18ed50

Headers

File Characteristics

Imports

kernel32

user32

advapi32

msvcrt

shlwapi

ws2_32

Exports

Exports

Sections

.text Size: 12KB - Virtual size: 11KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 512B - Virtual size: 1000B

.rsrc Size: 1024B - Virtual size: 984B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 12KB - Virtual size: 11KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 1000B

.rsrc
Size: 1024B - Virtual size: 984B

.reloc
Size: 1KB - Virtual size: 1KB