2e149a977994edd733c11989109d8cb7_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2e149a977994edd733c11989109d8cb7_JaffaCakes118
Size

75KB
MD5

2e149a977994edd733c11989109d8cb7
SHA1

7e5b2e4603b9d87f790d2a5c2f49c93e4ee31ded
SHA256

965e7b27e925acd123d7c166aded4098765b5af7c8349b6cceccf10cfe4e3afd
SHA512

25e8dee1fe9e4461d0bf5ab7f0bc993ce79f3ecfdf2314fccf67c0c59829bae092d626b8c6ebfe6d8489461b10440fbdfdfceadf41274916cbc64d0500c265c7
SSDEEP

1536:oTJtc6X0p2Ei/jf0FHVUDwgXGdrYmSJF6Q1cLjz3Kr97kfswHkSkMPliY6+0T1w:oTJdXY2EiQFHV6wgXG2wHkRMPIY0Ty

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2e149a977994edd733c11989109d8cb7_JaffaCakes118

Files

2e149a977994edd733c11989109d8cb7_JaffaCakes118
.dll windows:4 windows x86 arch:x86

2ee7eb503d865023dcd7b2795c3fe9bf

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

wsprintfA
DispatchMessageA
GetMessageA
ShowWindow
FindWindowExA
GetWindowTextA
EnumWindows
IsCharAlphaNumericA
TranslateMessage

kernel32

LocalFree
CreateMutexA
GetCurrentThreadId
lstrcatA
lstrcpyA
lstrcpynA
lstrcmpA
lstrlenA
GetProcAddress
LoadLibraryA
CreateThread
GlobalAlloc
CloseHandle
GetFileSize
CreateFileA
GetLastError
GetVersionExA
CreateProcessA
FreeLibrary
TerminateProcess
GetExitCodeProcess
OpenProcess
Sleep
GetLocalTime
InterlockedIncrement
InterlockedDecrement
MultiByteToWideChar
WideCharToMultiByte
WritePrivateProfileStringA
GetVersion
GetPrivateProfileStringA
GetPrivateProfileIntA
GetTickCount
GetLocaleInfoA
GetSystemDefaultLCID
WriteFile
FindClose
FindFirstFileA
FindNextFileA
GetFullPathNameA
GetModuleHandleA

advapi32

RegCreateKeyExA
SetServiceStatus
RegCreateKeyA
RegEnumKeyExA
RegisterServiceCtrlHandlerA

ws2_32

accept
send
recv
closesocket
shutdown
connect
htons
WSAStartup
gethostbyname
socket

msvcrt

memcpy
atol
_splitpath
strncmp
_strupr
__dllonexit
??1type_info@@UAE@XZ
_onexit
_CxxThrowException
_strcmpi
_strnicmp
fgetc
_unlink
srand
rand
_strlwr
wcslen
strncpy
strlen
__CxxFrameHandler
memset
strstr
strcpy
fclose
fprintf
fopen
free
fwrite
fread
malloc
??3@YAXPAX@Z
tmpnam
strcat
??2@YAPAXI@Z
sprintf
_mbsrchr
memcmp

ole32

CoCreateInstance
OleInitialize
CoUninitialize
CoInitialize
OleUninitialize

oleaut32

GetErrorInfo
SysFreeString
VariantClear
SysAllocStringLen
VariantCopy
VariantInit
SafeArrayUnaccessData
SafeArrayAccessData
SysAllocString
SafeArrayCreateVector

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
ServiceMain

Sections

.text
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2ee7eb503d865023dcd7b2795c3fe9bf

Headers

File Characteristics

Imports

user32

kernel32

advapi32

ws2_32

msvcrt

ole32

oleaut32

Exports

Exports

Sections

.text Size: 47KB - Virtual size: 47KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 17KB - Virtual size: 36KB

.CRT Size: 512B - Virtual size: 4B

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 47KB - Virtual size: 47KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 17KB - Virtual size: 36KB

.CRT
Size: 512B - Virtual size: 4B

.reloc
Size: 4KB - Virtual size: 4KB