14d41feb9128e66dd648196be03d04ba_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

14d41feb9128e66dd648196be03d04ba_JaffaCakes118
Size

52KB
MD5

14d41feb9128e66dd648196be03d04ba
SHA1

e3b0eff5990433e6d946cc72f345ca29ae691b29
SHA256

6f27655f1cfade68377c345a9673d5fc22670c0854b2edf78da2a2cedfc01e2a
SHA512

c614ff316ba56aff51680975326e84186e4f875330b3e46d43f9c5509a81d147b3751c1a056a0972ab2674bc3d64e03394a57b0ff27708c529774d842ad7aa8a
SSDEEP

768:MjMfBOi7TusyoAa0pcKkL1vs/QMsBAV2lqJVY1Ta2GoJxyLeErlVkh:nJlTu13cjaut0JVYzGoJwLNr7I

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
14d41feb9128e66dd648196be03d04ba_JaffaCakes118

Files

14d41feb9128e66dd648196be03d04ba_JaffaCakes118
.dll windows:4 windows x86 arch:x86

d2d99f93e749181ce0cd4c41d5be94b0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

MessageBoxA
wsprintfA

advapi32

RegOpenKeyExA
OpenProcessToken
DuplicateToken
GetUserNameA
RegCloseKey
RegQueryValueExA
RegSetValueExA
RegCreateKeyExA
SetThreadToken

ws2_32

inet_ntoa
gethostbyname
gethostname
WSAStartup
WSACleanup
recv
shutdown
send
socket
connect
WSAGetLastError
closesocket
getsockname
inet_addr
ntohs
htons

shlwapi

StrRChrA
StrChrA
StrTrimA
StrToIntA
StrStrA
wnsprintfA
wvnsprintfA
StrCmpNA

netapi32

Netbios

iphlpapi

GetTcpTable
GetUdpTable
GetAdaptersInfo

urlmon

URLDownloadToFileA

psapi

EnumProcesses
EnumProcessModules
GetModuleBaseNameA

shell32

ShellExecuteA

cabinet

FCIAddFile
FCIFlushFolder
FCICreate
FCIDestroy
FCIFlushCabinet

msvcrt

_close
_lseek
remove
strncpy
_initterm
_adjust_fdiv
_write
_read
_itoa
memcmp
_except_handler3
strrchr
atoi
strcmp
sprintf
_snprintf
??2@YAPAXI@Z
??3@YAXPAX@Z
strstr
memmove
strchr
strtok
time
srand
rand
strlen
strncmp
malloc
memset
memcpy
strcpy
strcat
free
_tempnam
_open

kernel32

GetLocalTime
GetDateFormatA
WaitForSingleObject
ReleaseMutex
CopyFileA
FileTimeToDosDateTime
CreateThread
ExitThread
CreateToolhelp32Snapshot
Process32First
Process32Next
WideCharToMultiByte
SetFileAttributesA
GetModuleFileNameA
GetCurrentDirectoryA
CreateProcessA
DisableThreadLibraryCalls
DeleteFileA
Sleep
GlobalMemoryStatus
FindFirstFileA
FindNextFileA
FindClose
HeapFree
HeapAlloc
OpenProcess
LoadLibraryA
GetProcAddress
GetFileAttributesA
FileTimeToLocalFileTime
GetFileInformationByHandle
GetProcessHeap
FormatMessageA
LocalFree
GlobalFree
FreeLibrary
GetEnvironmentVariableA
GetLogicalDriveStringsA
GetVersionExA
lstrcmpA
GetComputerNameA
lstrcmpiA
GetWindowsDirectoryA
GetFileTime
SetFileTime
GetSystemDirectoryA
lstrcatA
lstrcpyA
lstrcpynA
GetTempPathA
CreateFileA
GetLastError
CloseHandle
GetFileSize
SetFilePointer
WriteFile
SetEndOfFile
ReadFile
lstrlenA

Exports

Exports

DllMain
DllTSMain
ServiceMain
SetDIPC
TStartUp

Sections

.text
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d2d99f93e749181ce0cd4c41d5be94b0

Headers

File Characteristics

Imports

user32

advapi32

ws2_32

shlwapi

netapi32

iphlpapi

urlmon

psapi

shell32

cabinet

msvcrt

kernel32

Exports

Exports

Sections

.text Size: 28KB - Virtual size: 26KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 8KB - Virtual size: 21KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 2KB

.text
Size: 28KB - Virtual size: 26KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 8KB - Virtual size: 21KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 2KB