Static task: static1
Behavioral task: behavioral1 (Sample: 246e292c6c416fdfc0e8ebbdc15fdcde_JaffaCakes118.dll, Resource: win7-20240508-en)
Behavioral task: behavioral2 (Sample: 246e292c6c416fdfc0e8ebbdc15fdcde_JaffaCakes118.dll, Resource: win10v2004-20240508-en)
General
Target
246e292c6c416fdfc0e8ebbdc15fdcde_JaffaCakes118
Size
156KB
MD5
246e292c6c416fdfc0e8ebbdc15fdcde
SHA1
c300b863a14623a05d7e3fed39d94f209e282fc9
SHA256
94b39b6370a3ee91f97ae81b611212faaaba9bcc300f581925c0ce52544cbeed
SHA512
12ee4e4ef262d913894005da2f54943a9b2673f04e4100c4540b0d9b82edf28242ed5bb2fe832fef87f27836c4bcfed4142e2d5490a9742e16fdb12b12ca255b
SSDEEP
3072:ymMd54A+P0oRR/T4ZJQkqD/2BelFncoreNleH:c4A+5RmqD/2MHnVK+
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 246e292c6c416fdfc0e8ebbdc15fdcde_JaffaCakes118
Files
246e292c6c416fdfc0e8ebbdc15fdcde_JaffaCakes118.dll windows:4 windows x86 arch:x86
0fedcba22673d3a247c7214352bf2d94
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
secur32
LsaLogonUser
ws2_32
inet_ntoa
ntohs
getpeername
WSAGetLastError
WSASetLastError
WSASend
send
WSARecv
recvfrom
recv
WSAConnect
connect
closesocket
kernel32
SetFilePointer
GetOEMCP
ReadConsoleA
ReadConsoleW
ReadConsoleInputA
ReadConsoleInputW
SetLastError
GetLastError
CloseHandle
CreateThread
DuplicateHandle
GetCurrentThread
GetCurrentProcess
DisableThreadLibraryCalls
SetErrorMode
GetModuleFileNameA
GetProcAddress
GetModuleHandleA
CreateProcessA
OpenMutexA
MultiByteToWideChar
OpenProcess
lstrlenA
WideCharToMultiByte
SetStdHandle
VirtualFree
VirtualAlloc
Sleep
GetConsoleWindow
GetCurrentProcessId
SetEvent
ReleaseMutex
WaitForSingleObject
CreateMutexA
CreateEventA
DisconnectNamedPipe
WriteFile
WaitForMultipleObjects
WaitNamedPipeA
CreateFileA
FindClose
FindNextFileA
FindFirstFileA
GetWindowsDirectoryA
GetSystemTimeAdjustment
GetSystemTime
VirtualProtect
FlushInstructionCache
LoadLibraryA
GetStringTypeA
GetACP
GetCPInfo
RaiseException
FlushFileBuffers
CompareStringA
CompareStringW
GetStringTypeW
GetVersionExA
SetEnvironmentVariableA
HeapAlloc
HeapFree
GetCommandLineA
GetVersion
InterlockedDecrement
InterlockedIncrement
GetTimeZoneInformation
GetLocalTime
HeapReAlloc
RtlUnwind
HeapDestroy
HeapCreate
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
TerminateProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
LCMapStringA
LCMapStringW
user32
wsprintfA
CharLowerA
advapi32
EqualSid
FreeSid
LookupAccountNameW
OpenProcessToken
GetTokenInformation
EnumServicesStatusW
EnumServicesStatusA
AllocateAndInitializeSid
Sections
.text Size: 124KB - Virtual size: 123KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 12KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ