15be057eb43366d8a0dd715b64200b8a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

15be057eb43366d8a0dd715b64200b8a_JaffaCakes118
Size

32KB
MD5

15be057eb43366d8a0dd715b64200b8a
SHA1

db7a7e3be41666050dd27ba3fc1df0b1b619f92d
SHA256

412363c8e582a89c0aa0d6dfcd815c205bd9716022e51b63d4f7e92c71311a32
SHA512

8dc458e0f9fa85d6d194960ea501abd2c97b903b3a7991d4060ef12dd9123ace2971a833caf18ae23628b71bd44094eaf18852f4560a494b32425f3a6ed9a6a5
SSDEEP

384:vxME1uLb02ZqE12t+lrentIaKY/7EA4tXhuQsEC2C+Jc9YjnELEoBUTITfo+SgpR:yEQVX1c1fy9huZP+JjYY6g7M+2fm+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
15be057eb43366d8a0dd715b64200b8a_JaffaCakes118

Files

15be057eb43366d8a0dd715b64200b8a_JaffaCakes118
.dll windows:4 windows x86 arch:x86

84ccdc6141e50c74aff9ccc7851378ad

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryW
ExpandEnvironmentStringsW
CloseHandle
WaitForSingleObject
CreateEventA
GetLastError
GetCurrentThreadId
GetPrivateProfileStringA
GetPrivateProfileIntA
WriteProcessMemory
GetTickCount
ReadProcessMemory
GetProcAddress
Sleep
GlobalUnlock
lstrcpyA
GlobalSize
GlobalLock
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetEvent
OpenEventA
OpenProcess
GetModuleFileNameW
GetModuleFileNameA
OutputDebugStringW
LoadLibraryA
OutputDebugStringA

user32

PostMessageA
LoadStringA
GetWindowThreadProcessId
IsClipboardFormatAvailable
OpenClipboard
GetClipboardData
CloseClipboard
CallNextHookEx
FindWindowA
FindWindowExA
GetDC
ReleaseDC
SetWindowsHookExA
UnhookWindowsHookEx

gdi32

GetPixel

shell32

ShellExecuteA

msvcrt

_adjust_fdiv
_initterm
_beginthread
malloc
free
atoi
strncmp
strcmp
strncpy
strstr
strcpy
_wcsicmp
strrchr
strcat
strlen
??2@YAPAXI@Z
vsprintf
vswprintf
memcpy
memset
_mbsicmp
_mbsrchr
??3@YAXPAX@Z
memcmp
wcscpy
sprintf
_stricmp

ws2_32

inet_ntoa
WSCGetProviderPath
WSCDeinstallProvider
htons
WSACleanup
closesocket
bind
socket
WSAStartup
WSAGetLastError
shutdown
connect
getpeername
send
recv
listen
accept
WSCEnumProtocols
WSCInstallProvider
WSCWriteProviderOrder
inet_addr
ntohs

dnsapi

DnsQuery_A
DnsRecordListFree

Exports

Exports

GetInstSouFile
GetTrVersion
SetInitState
SetInstSouFile
StartListen
WSPStartup
installProtocol
removeProtocol

Sections

.text
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.SharedS
Size: 1024B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 648B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

84ccdc6141e50c74aff9ccc7851378ad

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

msvcrt

ws2_32

dnsapi

Exports

Exports

Sections

.text Size: 21KB - Virtual size: 21KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 3KB - Virtual size: 15KB

.SharedS Size: 1024B - Virtual size: 520B

.rsrc Size: 1024B - Virtual size: 648B

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 21KB - Virtual size: 21KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 3KB - Virtual size: 15KB

.SharedS
Size: 1024B - Virtual size: 520B

.rsrc
Size: 1024B - Virtual size: 648B

.reloc
Size: 2KB - Virtual size: 1KB