2c97284b4e81ef948302d0baf1b89279_JaffaCakes118

General

Target

2c97284b4e81ef948302d0baf1b89279_JaffaCakes118
Size

60KB
MD5

2c97284b4e81ef948302d0baf1b89279
SHA1

e569653efb0a652425547ca675a30314770728ce
SHA256

44bfa7c10d1f965912941769ba5910eac47902c7968b3af9f67e1cd9a7fa6800
SHA512

c42751071fa3d2879ff8c8804ef0a416221e4d9a81350bd05eba19b0fec32caab0432379ea39108ed1903aa58e01f27737ed1d1c71b2cfc7a97bd5401b16cc2a
SSDEEP

1536:eiGsiWZVdLH2OWCFoouCmqrd9z27VTw0fov4qW7SI1qxHlp64kIJCII6G:efsiWZVdLH2OWCaoKqrdF27VTw0fovKz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2c97284b4e81ef948302d0baf1b89279_JaffaCakes118

Files

2c97284b4e81ef948302d0baf1b89279_JaffaCakes118
.dll windows:4 windows x86 arch:x86

79ccf481cdc9967745d6d976eebbfa2c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

setsockopt
connect
ioctlsocket
__WSAFDIsSet
htons
select
closesocket
WSASetLastError
WSAGetLastError
socket
htonl
inet_addr
ntohl
recv
send
WSAStartup
gethostbyname
gethostname
inet_ntoa
WSACleanup

winmm

timeGetTime

kernel32

GetTickCount
WaitForSingleObject
GetExitCodeThread
SetLastError
lstrcpyA
CreateProcessA
WritePrivateProfileStringA
GetPrivateProfileStringA
GetSystemDirectoryA
SetCurrentDirectoryA
WinExec
FindFirstFileA
FindNextFileA
GetLastError
CloseHandle

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExA
RegDeleteKeyA
RegCloseKey

shell32

SHGetSpecialFolderPathA

msvcrt

strstr
strtoul
strrchr
strchr
memmove
sscanf
_pctype
__mb_cur_max
_isctype
strtol
fputc
_ftol
_strdup
toupper
fflush
strftime
gmtime
_initterm
_adjust_fdiv
atoi
_errno
strncpy
strncat
free
calloc
fwrite
fclose
fopen
remove
fgetc
sprintf
_access
malloc
rand
srand
time
fread
_iob
vsprintf
realloc
_beginthreadex

Exports

Exports

CheckConnectionAndGetIP
SwindleWebBrowser
UseThisCode

Sections

.text
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

79ccf481cdc9967745d6d976eebbfa2c

Headers

File Characteristics

Imports

ws2_32

winmm

kernel32

advapi32

shell32

msvcrt

Exports

Exports

Sections

.text Size: 44KB - Virtual size: 41KB

.rdata Size: 4KB - Virtual size: 1KB

.data Size: 4KB - Virtual size: 3KB

.reloc Size: 4KB - Virtual size: 1KB

.text
Size: 44KB - Virtual size: 41KB

.rdata
Size: 4KB - Virtual size: 1KB

.data
Size: 4KB - Virtual size: 3KB

.reloc
Size: 4KB - Virtual size: 1KB