1542490ad48b428637da1a7b8556dc33_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

1542490ad48b428637da1a7b8556dc33_JaffaCakes118
Size

32KB
MD5

1542490ad48b428637da1a7b8556dc33
SHA1

3f46e5085d12f47578f6cf2729a7feea0f3d9507
SHA256

f48efa7b31c0823e9bcf5a07e7ebdaa901a4772c0693fccd2d2a1078d2003f6b
SHA512

ee52a27c7e9761a0f7f76263451b12c242429a01c9356bdd8080dcd7ca4086161ccd7666a4dcf841a76f83b498f7ae23e41178b609523f26a909c011971f5dd4
SSDEEP

768:FoySXyRCC+fWH2wwz2WY+4boj03ls9u4juoka+slmGU:FoySXyRCfwwz2m4zubuaNmG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1542490ad48b428637da1a7b8556dc33_JaffaCakes118

Files

1542490ad48b428637da1a7b8556dc33_JaffaCakes118
.dll windows:4 windows x86 arch:x86

7a3149f25159b6492d78942a0d01be38

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

gethostbyname
inet_ntoa
ntohl
recv
socket
inet_addr
htons
connect
send
closesocket

mfc42

ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord815
ord2725
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord1116
ord3147
ord269
ord826
ord600
ord1578
ord6467
ord1255
ord2982
ord5714
ord5289
ord5307
ord4698
ord4079
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord825
ord1253
ord1570
ord1197
ord1243
ord342
ord1182
ord1577
ord1168
ord1575
ord1176
ord3953

msvcrt

??1type_info@@UAE@XZ
_adjust_fdiv
malloc
_initterm
free
_onexit
__dllonexit
??2@YAPAXI@Z
__CxxFrameHandler
_strlwr
strncpy
memchr
atoi
strstr
sprintf
strcat
strcpy
strchr
strlen
memcpy
strncmp

kernel32

LocalAlloc
GlobalAlloc
WriteFile
GlobalFree
ExitProcess
SetFileAttributesA
CreateFileA
GetFileSize
ReadFile
GetTickCount
GetModuleHandleA
GetProcAddress
GetCurrentProcess
WriteProcessMemory
CloseHandle
CreateThread
GetLastError
CreateSemaphoreA
LocalFree
GetModuleFileNameA
VirtualQuery
Process32Next
TerminateProcess
DuplicateHandle
OpenProcess
Process32First
CreateToolhelp32Snapshot
Sleep
DeleteFileA
GetSystemDirectoryA

user32

SetWindowsHookExA
PeekMessageA
TranslateMessage
DispatchMessageA
KillTimer
GetWindowTextA
ScreenToClient
CallNextHookEx
SetTimer
GetForegroundWindow
GetDC
ReleaseDC

gdi32

GetObjectA
GetTextExtentExPointA
GetPixel
DeleteDC
DeleteObject
BitBlt
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
GetDIBits

Exports

Exports

Hook

Sections

.text
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7a3149f25159b6492d78942a0d01be38

Headers

File Characteristics

Imports

ws2_32

mfc42

msvcrt

kernel32

user32

gdi32

Exports

Exports

Sections

.text Size: 16KB - Virtual size: 14KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 27KB

.reloc Size: 4KB - Virtual size: 1KB

.text
Size: 16KB - Virtual size: 14KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 27KB

.reloc
Size: 4KB - Virtual size: 1KB