2a99436af60ea8dff0d3c4f4acde5f94_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2a99436af60ea8dff0d3c4f4acde5f94_JaffaCakes118
Size

124KB
MD5

2a99436af60ea8dff0d3c4f4acde5f94
SHA1

f7e56aecf30326682c256a0d5252846a7ca00c5a
SHA256

bc24fb43e5791b77ccd93e702f38648e8ef0600e885416639dae7c04bcefa00c
SHA512

78ee87d472c58aa0cb391babe36b2ae3098e83a5665f080151cf5c4b4c5de1a63bfa79f22727dc729d16e4fcc6604e180e8cc2f6a3443c77895fcab902dfb756
SSDEEP

1536:8f0yp5ipFEpF2QzGyYt+prSgVLYzS+pJpa+yb8+VVCl+6:8sa5rPY8u+VVCl7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2a99436af60ea8dff0d3c4f4acde5f94_JaffaCakes118

Files

2a99436af60ea8dff0d3c4f4acde5f94_JaffaCakes118
.dll windows:4 windows x86 arch:x86

bcbd3226e652ec6097a9bdbb4aad3236

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\Works\KernelBots_Up2\Shell\Release\Shell.pdb

Imports

ws2_32

inet_ntoa
WSACleanup
setsockopt
htonl
sendto
WSAStartup
send
socket
inet_addr
htons
connect
select
closesocket
gethostbyname

kernel32

SetEndOfFile
ReadFile
GetLastError
GetSystemInfo
VirtualProtect
FlushFileBuffers
Sleep
CreateThread
WideCharToMultiByte
GetTickCount
GetVersionExW
InterlockedExchange
GetACP
GetLocaleInfoA
InitializeCriticalSection
DeleteCriticalSection
GetModuleFileNameA
GetProcAddress
GetModuleHandleW
CloseHandle
GetSystemDirectoryA
OpenFile
lstrcatW
lstrcpyW
lstrlenW
GetModuleFileNameW
CreateProcessW
GetSystemDirectoryW
CreateFileW
GetPrivateProfileStringW
GetStartupInfoW
GetCurrentProcess
GetExitCodeThread
WaitForSingleObject
VirtualFree
CreateRemoteThread
WriteProcessMemory
VirtualAllocEx
OpenProcess
TerminateProcess
CopyFileW
DeleteFileW
ExitProcess
RtlUnwind
HeapFree
GetCurrentThreadId
GetCommandLineA
GetVersionExA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
TlsAlloc
SetLastError
SetStdHandle
TlsFree
TlsSetValue
TlsGetValue
GetModuleHandleA
VirtualQuery
HeapDestroy
HeapCreate
LeaveCriticalSection
EnterCriticalSection
HeapAlloc
VirtualAlloc
HeapReAlloc
HeapSize
WriteFile
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
UnhandledExceptionFilter
LoadLibraryA
SetFilePointer
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetCPInfo
GetStringTypeA
GetStringTypeW
GetOEMCP

user32

wsprintfW

advapi32

LookupPrivilegeValueW
OpenProcessToken
AdjustTokenPrivileges

wininet

InternetReadFile
InternetCloseHandle
InternetOpenUrlW
InternetOpenW

Exports

Exports

GetDllModuleControl
StartShell

Sections

.text
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Shell__
Size: 4KB - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bcbd3226e652ec6097a9bdbb4aad3236

Headers

File Characteristics

PDB Paths

Imports

ws2_32

kernel32

user32

advapi32

wininet

Exports

Exports

Sections

.text Size: 48KB - Virtual size: 45KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 48KB - Virtual size: 63KB

.Shell__ Size: 4KB - Virtual size: 520B

.reloc Size: 8KB - Virtual size: 5KB

.text
Size: 48KB - Virtual size: 45KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 48KB - Virtual size: 63KB

.Shell__
Size: 4KB - Virtual size: 520B

.reloc
Size: 8KB - Virtual size: 5KB