Static task
static1
Behavioral task
behavioral1
Sample
2b34be2460155fbbf7013e36d7c8e305_JaffaCakes118.dll
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
2b34be2460155fbbf7013e36d7c8e305_JaffaCakes118.dll
Resource
win10v2004-20240704-en
General
-
Target
2b34be2460155fbbf7013e36d7c8e305_JaffaCakes118
-
Size
93KB
-
MD5
2b34be2460155fbbf7013e36d7c8e305
-
SHA1
b50ceb02cb86fa42dfaf71d3a72e6081720b2e19
-
SHA256
d863b373e5e45fa3cb28619743d7178d883f08fad2237b94d23d9e527bb20802
-
SHA512
b8e66982db1642288d95ef17b696d713e315e14c96f3691f61876079e6aa4e98f29b87f6919e44833f23dfc57a434f5e46ed0c0a62f0db88053b5047dafb4d42
-
SSDEEP
1536:wnPixIg2U6LrBwFHIigm0cK94jO0OkfhhoImsEevhspNXTUZrMJJSEj1mp:CPixIg2vLtOIfXcKAZ8shsbDUZrMJHG
Malware Config
Signatures
-
Unsigned PE 1 IoCs
The sample has no Authenticode signature (a finding of the sandbox's static check, not a behavior of the sample).
resource 2b34be2460155fbbf7013e36d7c8e305_JaffaCakes118
Files
-
2b34be2460155fbbf7013e36d7c8e305_JaffaCakes118.dll windows:4 windows x86 arch:x86
4c6ae9325a06351068cd2c662fd6ac83
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
WriteFile
SetLastError
CreateThread
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetCurrentProcessId
GetCurrentDirectoryA
SetThreadPriority
GetCurrentThread
lstrcpyA
LoadLibraryA
FindFirstFileA
Module32Next
SetEndOfFile
SetFilePointer
GetCurrentProcess
lstrcmpiA
GetVersionExA
TerminateThread
MoveFileA
CreateDirectoryA
FindClose
GetLocalTime
FindNextFileA
CreateMutexA
ReleaseMutex
GetEnvironmentVariableA
lstrcmpA
Sleep
CreateFileA
DeleteFileA
GetLastError
MoveFileExA
OpenProcess
GetCurrentThreadId
CreatePipe
CreateProcessA
PeekNamedPipe
ReadFile
TerminateProcess
CloseHandle
WaitForSingleObject
SetCurrentDirectoryA
SleepEx
lstrlenA
lstrcpynA
HeapAlloc
LocalFree
GetProcessHeap
CopyFileA
HeapFree
advapi32
LookupPrivilegeValueA
AdjustTokenPrivileges
RegQueryValueExA
LookupAccountSidA
OpenThreadToken
OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
DeleteService
ControlService
OpenServiceA
StartServiceA
OpenSCManagerA
CreateServiceA
CloseServiceHandle
RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegEnumKeyExA
RegQueryInfoKeyA
RegEnumValueA
RegCloseKey
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
ImpersonateSelf
ws2_32
socket
gethostname
WSAIoctl
inet_ntoa
WSAStartup
ntohs
inet_addr
__WSAFDIsSet
recv
connect
htons
ioctlsocket
gethostbyname
gethostbyaddr
send
WSAGetLastError
closesocket
select
msvcrt
_CxxThrowException
??3@YAXPAX@Z
??1type_info@@UAE@XZ
_stricmp
_adjust_fdiv
memset
exit
memcpy
memmove
strncpy
strchr
strlen
_snprintf
strcmp
strstr
atoi
strtok
rename
rand
srand
time
strtoul
strcpy
free
calloc
_except_handler3
_local_unwind2
fgets
fclose
fopen
strftime
localtime
fwrite
fprintf
strncmp
_pctype
_isctype
__mb_cur_max
qsort
fseek
_iob
sprintf
gmtime
_mkdir
malloc
_vsnprintf
tolower
printf
freopen
fread
ftell
_initterm
user32
GetSystemMetrics
IsCharAlphaNumericA
oleaut32
GetErrorInfo
Sections
.text Size: 68KB - Virtual size: 68KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 10KB - Virtual size: 1.5MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ