2331d800b7ede3a0d51e297c2c20c013_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2331d800b7ede3a0d51e297c2c20c013_JaffaCakes118
Size

79KB
MD5

2331d800b7ede3a0d51e297c2c20c013
SHA1

e835ed9804fee77c665dd13f744e768c75573fe8
SHA256

472154bf5eac7d5ae3bf17b44510b9b02ba4f0fb4dc526f7e7525725c33ce848
SHA512

550aa09746630e93a79265856de6d24c378b212502e5c6c9dae729ce1ca8fb6e8c22cbf7bc81575451818bb07ee7dc3787edbcde1dcb8a41a37329f9a68bfdde
SSDEEP

1536:9r6PGsMHUUcdpQ1tvoOqidkq3R/Wcl1dnSDqwc1:9CMhA9idkqZR1dnSb0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2331d800b7ede3a0d51e297c2c20c013_JaffaCakes118

Files

2331d800b7ede3a0d51e297c2c20c013_JaffaCakes118
.dll windows:4 windows x86 arch:x86

9047c16356e93fb89698dee51e1b5e15

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetLastError
GetModuleFileNameA
GetModuleHandleA
GetPrivateProfileSectionA
GetFileSize
GetProcAddress
GetSystemDirectoryA
GetSystemTime
GetTempPathA
GetTickCount
GlobalLock
GlobalUnlock
GetCurrentProcessId
GetCurrentThreadId
HeapDestroy
HeapFree
LoadLibraryA
MoveFileA
OpenEventA
ResetEvent
ResumeThread
HeapCreate
SetErrorMode
SetEvent
SetFilePointer
Sleep
SystemTimeToFileTime
HeapAlloc
SetEndOfFile
WritePrivateProfileSectionA
CreateMutexA
GetWindowsDirectoryA
CreateProcessA
GetEnvironmentVariableA
FormatMessageA
GetLocaleInfoA
ReadFile
ReleaseMutex
CreateThread
CreatePipe
DuplicateHandle
GetCurrentProcess
GetExitCodeProcess
PeekNamedPipe
TerminateProcess
GetCommModemStatus
GetLocalTime
GetVersion
CloseHandle
FreeLibrary
DeleteFileA
CopyFileA
CreateFileA
CreateEventA
WaitForSingleObject
WriteFile
GetFileType

user32

IsClipboardFormatAvailable
KillTimer
MsgWaitForMultipleObjects
OpenClipboard
PeekMessageA
GetWindowThreadProcessId
PostQuitMessage
PostThreadMessageA
RegisterClassA
RegisterWindowMessageA
SendMessageA
SetWindowsHookExA
ShowWindow
GetClipboardData
GetParent
GetWindowTextA
CharToOemBuffA
OemToCharBuffA
PostMessageA
EnumWindows
GetClassLongA
GetActiveWindow
FindWindowA
DispatchMessageA
DestroyWindow
DefWindowProcA
CreateWindowExA
CloseClipboard
GetMessageTime
SetTimer
UnhookWindowsHookEx
GetClassNameA
UnregisterClassA
CallNextHookEx

advapi32

RegCreateKeyExA
RegDeleteValueA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
GetUserNameA

wsock32

send
WSAGetLastError
accept
bind
closesocket
connect
getsockname
ioctlsocket
listen
recv
WSACancelAsyncRequest
shutdown
inet_ntoa
inet_addr
gethostname
WSAAsyncSelect
WSAAsyncGetHostByName
socket
WSAStartup
WSACleanup

rasapi32

RasDialA
RasHangUpA

shell32

ShellExecuteA

Exports

Exports

init

Sections

.text
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 840B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9047c16356e93fb89698dee51e1b5e15

Headers

File Characteristics

Imports

kernel32

user32

advapi32

wsock32

rasapi32

shell32

Exports

Exports

Sections

.text Size: 44KB - Virtual size: 42KB

.bss Size: - Virtual size: 840B

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 12KB - Virtual size: 9KB

.reloc Size: 4KB - Virtual size: 2KB

.text
Size: 44KB - Virtual size: 42KB

.bss
Size: - Virtual size: 840B

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 12KB - Virtual size: 9KB

.reloc
Size: 4KB - Virtual size: 2KB