17de438f17edfea82da0a0a2e9e00d4d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

17de438f17edfea82da0a0a2e9e00d4d_JaffaCakes118
Size

35KB
MD5

17de438f17edfea82da0a0a2e9e00d4d
SHA1

4adf09ffe29abb43451b2c3fe43abf2b6deb1da3
SHA256

c2be167a2957958835423e903ed325335a747cd00b0eb33f6ef81f99d882b2b4
SHA512

b7467555bc92ccba0e8ab986d7210721bdbc4a65da862fd20a6214f0d978b595e1f7365ee14a2d4a77f7b42ab7b04d8d408e32a00ef50bfacf82a21d807de0c8
SSDEEP

192:ztuZK22i2TfHlfiYsTHEFEWjyT0HuLxz3AgrRZ2IgGk5DSyWDLzqw1n2umH4SUtL:nbpqTKxjrkxz3Aw1FLz5O4SmPfu0R

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
17de438f17edfea82da0a0a2e9e00d4d_JaffaCakes118

Files

17de438f17edfea82da0a0a2e9e00d4d_JaffaCakes118
.dll windows:4 windows x86 arch:x86

96e09728f967eabb6516abf1dba485d2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentProcessId
lstrcpyA
GetTempPathA
GetWindowsDirectoryA
GetProcAddress
Sleep
CreateFileA
lstrcatA
ReadFile
FindFirstFileA
GetModuleHandleA
LocalAlloc
MoveFileExA
DeleteFileA
GetCurrentDirectoryA
CreateThread
IsBadStringPtrA
IsBadReadPtr
WritePrivateProfileStringA
GetPrivateProfileStringA
GetModuleFileNameA
Module32First
Module32Next
lstrlenA
ReadProcessMemory
OpenProcess
VirtualProtectEx
VirtualProtect
WriteProcessMemory
lstrcmpA
CreateToolhelp32Snapshot
CloseHandle

user32

ToAscii
GetKeyboardState
wsprintfA
MapVirtualKeyA

advapi32

CryptAcquireContextA
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
CryptCreateHash

shlwapi

StrStrIA

wininet

InternetReadFile
InternetOpenUrlA
InternetOpenA
InternetCloseHandle

msvcrt

strcat
_itoa
_except_handler3
strrchr
_purecall
atol
memcmp
__CxxFrameHandler
isprint
strncat
strlen
_ltoa
strstr
??2@YAPAXI@Z
memset
strcpy
??3@YAXPAX@Z
memcpy

ws2_32

send
connect
recv
gethostbyname
socket
WSACleanup
WSAStartup
closesocket
htons

Exports

Exports

eu89uiuohndflod
mkniubyuwvyuew
mnblkjpoiu
poiiuyyutkjhg
sldkjwleuwoi

Sections

.bss
Size: - Virtual size: 17KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

shard
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

96e09728f967eabb6516abf1dba485d2

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shlwapi

wininet

msvcrt

ws2_32

Exports

Exports

Sections

.bss Size: - Virtual size: 17KB

.data Size: 19KB - Virtual size: 18KB

shard Size: 12KB - Virtual size: 11KB

.reloc Size: 3KB - Virtual size: 2KB

.bss
Size: - Virtual size: 17KB

.data
Size: 19KB - Virtual size: 18KB

shard
Size: 12KB - Virtual size: 11KB

.reloc
Size: 3KB - Virtual size: 2KB