Static task: static1
Behavioral task: behavioral1
Sample: 23ce2ce417bdd4061169af4a0086c7de_JaffaCakes118.dll
Resource: win7-20240611-en
Behavioral task: behavioral2
Sample: 23ce2ce417bdd4061169af4a0086c7de_JaffaCakes118.dll
Resource: win10v2004-20240508-en
General
Target: 23ce2ce417bdd4061169af4a0086c7de_JaffaCakes118
Size: 192KB
MD5: 23ce2ce417bdd4061169af4a0086c7de
SHA1: ff6c82b6a48f4f202b3010278f1c3ac8624c4caa
SHA256: 16ee899d3b4bb2a300789d509d32fc75a7e4cd364d38fd1a5d860c96e91bf45a
SHA512: b6930db968d3653226bd34a9e4d7997736bab95132db37ee0f021a02bd7a73ab07b299e10459f3573973da912571cc50d24d0e42c8ac69a8ac14d5c30cb2acf6
SSDEEP: 3072:L8oydoGBtKKQ/BBs9QBQ7o6zoc9FN2y9bX6ttNDt:APDKn/zSQBUoc4y9b4Dt
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
Resource: 23ce2ce417bdd4061169af4a0086c7de_JaffaCakes118
Files
23ce2ce417bdd4061169af4a0086c7de_JaffaCakes118.dll windows:4 windows x86 arch:x86
12520d392572e6cc5a25bf28793ca4e1
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
Thread32Next
CloseHandle
Thread32First
CreateToolhelp32Snapshot
GetCurrentProcessId
Process32Next
lstrcmpiA
Process32First
Module32Next
lstrcpyA
Module32First
GetModuleFileNameA
MultiByteToWideChar
GetProcAddress
LoadLibraryA
IsBadReadPtr
GetCurrentThreadId
ReadProcessMemory
OpenProcess
CreateRemoteThread
VirtualFreeEx
WriteProcessMemory
VirtualAllocEx
Sleep
ResumeThread
SetThreadContext
GetThreadContext
SuspendThread
OpenThread
GetLastError
GetVersionExA
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
VirtualFree
lstrlenA
ReadFile
GetFileSize
CreateFileA
DeviceIoControl
InitializeCriticalSection
DeleteCriticalSection
HeapFree
GetProcessHeap
WaitForSingleObject
EnterCriticalSection
LeaveCriticalSection
FreeLibrary
GetSystemDirectoryA
FindResourceA
SizeofResource
LockResource
LoadResource
FindResourceExA
HeapReAlloc
HeapAlloc
RaiseException
SetEndOfFile
IsBadCodePtr
GetStringTypeW
GetStringTypeA
SetFilePointer
TerminateProcess
VirtualAlloc
VirtualProtect
IsBadWritePtr
GetModuleHandleA
GetCurrentProcess
WideCharToMultiByte
FlushFileBuffers
SetStdHandle
WriteFile
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
HeapSize
LCMapStringW
LCMapStringA
GetCPInfo
GetOEMCP
HeapCreate
HeapDestroy
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TlsGetValue
TlsSetValue
TlsFree
SetLastError
TlsAlloc
GetTickCount
QueryPerformanceCounter
GetCommandLineA
GetSystemTimeAsFileTime
ExitProcess
ExitThread
CreateThread
RtlUnwind
GetSystemInfo
VirtualQuery
user32
wsprintfA
ShowWindow
SendMessageA
EnumThreadWindows
IsWindow
IsWindowVisible
GetAsyncKeyState
MessageBoxA
advapi32
AdjustTokenPrivileges
GetSecurityInfo
SetEntriesInAclA
SetSecurityInfo
OpenProcessToken
LookupPrivilegeValueA
shlwapi
PathRenameExtensionA
PathStripPathA
PathRemoveFileSpecA
ws2_32
WSAGetOverlappedResult
WSAGetLastError
closesocket
WSAStartup
WSASend
WSAResetEvent
inet_ntoa
htonl
getservbyname
htons
inet_addr
gethostbyname
gethostbyaddr
getservbyport
ntohs
WSASocketA
WSAEnumNetworkEvents
WSAConnect
WSAEventSelect
WSASetEvent
WSACreateEvent
WSARecv
WSACleanup
WSACloseEvent
Sections
.text Size: 172KB - Virtual size: 172KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE