2a4b0824db4f79452f7d28749b4ff7b9_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2a4b0824db4f79452f7d28749b4ff7b9_JaffaCakes118
Size

79KB
MD5

2a4b0824db4f79452f7d28749b4ff7b9
SHA1

4a4b2937bf66afeeaf9900c0ccbb6c8dcd9383cd
SHA256

20a4deb379a5d1345064e16bab4f0445a1cb00bb5d6065ecf9e9d554e84b9976
SHA512

a7e6ee6da9cefffcae41c9e6d8061c93ec8d2999fa80de2e24ed6825231b3463a6f4bc5087e438aeb6bd1a96f9ec819d02d646d9be222b2234cac6021ed88faa
SSDEEP

1536:ll/vWAtQWFwx2J1X9K4WrbfZkYmAY1dwu1dnSlZwqu:lFQEk4WrbfZk60Gu1dnSE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2a4b0824db4f79452f7d28749b4ff7b9_JaffaCakes118

Files

2a4b0824db4f79452f7d28749b4ff7b9_JaffaCakes118
.dll windows:4 windows x86 arch:x86

9047c16356e93fb89698dee51e1b5e15

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetLastError
GetModuleFileNameA
GetModuleHandleA
GetPrivateProfileSectionA
GetFileSize
GetProcAddress
GetSystemDirectoryA
GetSystemTime
GetTempPathA
GetTickCount
GlobalLock
GlobalUnlock
GetCurrentProcessId
GetCurrentThreadId
HeapDestroy
HeapFree
LoadLibraryA
MoveFileA
OpenEventA
ResetEvent
ResumeThread
HeapCreate
SetErrorMode
SetEvent
SetFilePointer
Sleep
SystemTimeToFileTime
HeapAlloc
SetEndOfFile
WritePrivateProfileSectionA
CreateMutexA
GetWindowsDirectoryA
CreateProcessA
GetEnvironmentVariableA
FormatMessageA
GetLocaleInfoA
ReadFile
ReleaseMutex
CreateThread
CreatePipe
DuplicateHandle
GetCurrentProcess
GetExitCodeProcess
PeekNamedPipe
TerminateProcess
GetCommModemStatus
GetLocalTime
GetVersion
CloseHandle
FreeLibrary
DeleteFileA
CopyFileA
CreateFileA
CreateEventA
WaitForSingleObject
WriteFile
GetFileType

user32

IsClipboardFormatAvailable
KillTimer
MsgWaitForMultipleObjects
OpenClipboard
PeekMessageA
GetWindowThreadProcessId
PostQuitMessage
PostThreadMessageA
RegisterClassA
RegisterWindowMessageA
SendMessageA
SetWindowsHookExA
ShowWindow
GetClipboardData
GetParent
GetWindowTextA
CharToOemBuffA
OemToCharBuffA
PostMessageA
EnumWindows
GetClassLongA
GetActiveWindow
FindWindowA
DispatchMessageA
DestroyWindow
DefWindowProcA
CreateWindowExA
CloseClipboard
GetMessageTime
SetTimer
UnhookWindowsHookEx
GetClassNameA
UnregisterClassA
CallNextHookEx

advapi32

RegCreateKeyExA
RegDeleteValueA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
GetUserNameA

wsock32

send
WSAGetLastError
accept
bind
closesocket
connect
getsockname
ioctlsocket
listen
recv
WSACancelAsyncRequest
shutdown
inet_ntoa
inet_addr
gethostname
WSAAsyncSelect
WSAAsyncGetHostByName
socket
WSAStartup
WSACleanup

rasapi32

RasDialA
RasHangUpA

shell32

ShellExecuteA

Exports

Exports

init

Sections

.text
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 840B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9047c16356e93fb89698dee51e1b5e15

Headers

File Characteristics

Imports

kernel32

user32

advapi32

wsock32

rasapi32

shell32

Exports

Exports

Sections

.text Size: 44KB - Virtual size: 42KB

.bss Size: - Virtual size: 840B

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 12KB - Virtual size: 9KB

.reloc Size: 4KB - Virtual size: 2KB

.text
Size: 44KB - Virtual size: 42KB

.bss
Size: - Virtual size: 840B

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 12KB - Virtual size: 9KB

.reloc
Size: 4KB - Virtual size: 2KB