0fca2a1095745f0e525bfc60cb5ba3b3_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0fca2a1095745f0e525bfc60cb5ba3b3_JaffaCakes118
Size

180KB
MD5

0fca2a1095745f0e525bfc60cb5ba3b3
SHA1

333022ac29ecf7ac52f00a645771f022da48c928
SHA256

357cce602c95fb05bcd38de09eb0bcfef27f3c4bc56faa03008c3a2f9c474e3d
SHA512

7888a277342388c7df11ca563a85e85ac2614b1fd0eb2157d9cc0f7210ba41dbcb5405d6c67e928305499524d7db1a989b6aba8ed7a71001f617f1cb723bb665
SSDEEP

3072:5z+cABVlEgwQj4yQGn1Fl1z+tDhYyPM07gZKxQr0crf8TBfTV7sl8b:5z/ABVlEgwQj4yQGnWDhZPM07goQrj8T

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0fca2a1095745f0e525bfc60cb5ba3b3_JaffaCakes118

Files

0fca2a1095745f0e525bfc60cb5ba3b3_JaffaCakes118
.dll windows:4 windows x86 arch:x86

b9ce856954b311bc412764520af7187e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

IsBadWritePtr
MoveFileExA
GetExitCodeThread
CreateThread
ExitProcess
SetUnhandledExceptionFilter
GetCurrentThreadId
SystemTimeToFileTime
GetSystemTime
DeleteFileA
GetModuleFileNameA
GetFileSize
CreateFileA
GetTempFileNameA
GetTempPathA
WriteFile
GetWindowsDirectoryA
SetFilePointer
TerminateThread
GetVersionExA
QueryDosDeviceA
DefineDosDeviceA
GetCurrentProcess
HeapReAlloc
GetOverlappedResult
LoadLibraryA
GetProcAddress
GetSystemDirectoryA
CreateProcessA
Sleep
CloseHandle
GetLastError
FreeLibrary
ResetEvent
SetEvent
CreateEventA
IsBadReadPtr
ReleaseSemaphore
WaitForSingleObject
ReleaseMutex
HeapFree
GetProcessHeap
HeapAlloc
ReadFile
CreateMutexA
DeviceIoControl
GetVolumeInformationA
SetEnvironmentVariableA
CompareStringW
CompareStringA
FlushFileBuffers
SetStdHandle
SetEndOfFile
InitializeCriticalSection
IsBadCodePtr
GetLocaleInfoA
EnterCriticalSection
RtlUnwind
GetTimeFormatA
GetDateFormatA
GetTimeZoneInformation
GetSystemTimeAsFileTime
GetCommandLineA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
InterlockedExchange
VirtualQuery
GetACP
GetOEMCP
GetCPInfo
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
GetModuleHandleA
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
TerminateProcess
HeapSize
VirtualProtect
VirtualAlloc
GetSystemInfo
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
UnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
LeaveCriticalSection

user32

wsprintfA

advapi32

AddAce
RegDeleteValueA
InitializeSecurityDescriptor
OpenProcessToken
GetTokenInformation
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
AllocateAndInitializeSid
GetLengthSid
RegEnumKeyExA
IsValidSecurityDescriptor
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegCloseKey

dnsapi

DnsRecordListFree
DnsQuery_A

ws2_32

WSAStartup
WSASend
WSARecv
WSASocketA
WSACreateEvent
htons
gethostname
WSAEventSelect
WSACloseEvent
WSAGetOverlappedResult
WSAGetLastError
shutdown
setsockopt
closesocket
WSAConnect
WSAEnumNetworkEvents

iphlpapi

GetIpAddrTable

Exports

Exports

mlmain

Sections

.text
Size: 132KB - Virtual size: 130KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b9ce856954b311bc412764520af7187e

Headers

File Characteristics

Imports

kernel32

user32

advapi32

dnsapi

ws2_32

iphlpapi

Exports

Exports

Sections

.text Size: 132KB - Virtual size: 130KB

.rdata Size: 28KB - Virtual size: 27KB

.data Size: 4KB - Virtual size: 10KB

.reloc Size: 12KB - Virtual size: 9KB

.text
Size: 132KB - Virtual size: 130KB

.rdata
Size: 28KB - Virtual size: 27KB

.data
Size: 4KB - Virtual size: 10KB

.reloc
Size: 12KB - Virtual size: 9KB