3237bc7a6815036778689c8f0fb375b3_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3237bc7a6815036778689c8f0fb375b3_JaffaCakes118
Size

80KB
MD5

3237bc7a6815036778689c8f0fb375b3
SHA1

868d5af0dfda8580d07065a59cea712b5c93956e
SHA256

cc596dde451acfb0d7ca4f99a4d2888b1a040a8458ef3b2a95c072dcae1212d7
SHA512

8efeb88a7755536aa719f051caa4efa1184cff837399aed1bfd90160b7fb9855c793a128b776d6fdcc0c950e05a89872307228d4c751cdce7a2097812cc86e6a
SSDEEP

1536:CjEHiNVCfAQRQa6kgTDlxvxI7PYF4dp+ujZBUjVqCqaelG:CjEH+VXotgTD/x0Pq4dp9XU3xj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3237bc7a6815036778689c8f0fb375b3_JaffaCakes118

Files

3237bc7a6815036778689c8f0fb375b3_JaffaCakes118
.dll windows:5 windows x86 arch:x86

7b7ba07d02c2d411051f0feeef422944

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

ws2_32.pdb

Imports

advapi32

RegNotifyChangeKeyValue
RegDeleteKeyA
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegEnumKeyExA

kernel32

GetTickCount
QueryPerformanceCounter
lstrcmpA
HeapReAlloc
HeapFree
HeapAlloc
InterlockedCompareExchange
IsBadWritePtr
GetEnvironmentVariableA
GetComputerNameA
GetVersionExA
GetSystemDirectoryA
GetWindowsDirectoryA
WaitForMultipleObjectsEx
ResetEvent
IsBadReadPtr
TlsSetValue
GetHandleInformation
ExpandEnvironmentStringsA
InterlockedExchange
GetCurrentThreadId
TlsAlloc
GetSystemInfo
HeapCreate
GetProcessHeap
HeapDestroy
TlsFree
lstrlenA
lstrcpyA
IsBadCodePtr
GetProcAddress
CreateEventA
GetModuleFileNameA
LoadLibraryA
CreateThread
FreeLibrary
WaitForSingleObject
CloseHandle
FreeLibraryAndExitThread
EnterCriticalSection
SetEvent
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SwitchToThread
SetLastError
DelayLoadFailureHook
TlsGetValue
InterlockedDecrement
GetLastError
WideCharToMultiByte
MultiByteToWideChar
InitializeCriticalSection
DeleteCriticalSection
InterlockedIncrement
LeaveCriticalSection

msvcrt

__isascii
isspace
_except_handler3
sprintf
_adjust_fdiv
malloc
_initterm
free
_stricmp
fclose
fgets
atoi
strchr
fopen
wcscpy
strtoul
wcscmp
wcslen
wcschr

ntdll

RtlIpv4StringToAddressW
RtlIpv6StringToAddressExW
RtlIpv4StringToAddressA

ws2help

WahCompleteRequest
WahQueueUserApc
WahEnableNonIFSHandleSupport
WahDisableNonIFSHandleSupport
WahCreateSocketHandle
WahNotifyAllProcesses
WahCreateNotificationHandle
WahWaitForNotification
WahOpenCurrentThread
WahCloseThread
WahInsertHandleContext
WahRemoveHandleContext
WahDestroyHandleContextTable
WahCreateHandleContextTable
WahEnumerateHandleContexts
WahCloseApcHelper
WahCloseHandleHelper
WahCloseNotificationHandleHelper
WahOpenNotificationHandleHelper
WahOpenHandleHelper
WahOpenApcHelper
WahCloseSocketHandle
WahReferenceContextByHandle

Exports

Exports

FreeAddrInfoW
GetAddrInfoW
GetNameInfoW
WEP
WPUCompleteOverlappedRequest
WSAAccept
WSAAddressToStringA
WSAAddressToStringW
WSAAsyncGetHostByAddr
WSAAsyncGetHostByName
WSAAsyncGetProtoByName
WSAAsyncGetProtoByNumber
WSAAsyncGetServByName
WSAAsyncGetServByPort
WSAAsyncSelect
WSACancelAsyncRequest
WSACancelBlockingCall
WSACleanup
WSACloseEvent
WSAConnect
WSACreateEvent
WSADuplicateSocketA
WSADuplicateSocketW
WSAEnumNameSpaceProvidersA
WSAEnumNameSpaceProvidersW
WSAEnumNetworkEvents
WSAEnumProtocolsA
WSAEnumProtocolsW
WSAEventSelect
WSAGetLastError
WSAGetOverlappedResult
WSAGetQOSByName
WSAGetServiceClassInfoA
WSAGetServiceClassInfoW
WSAGetServiceClassNameByClassIdA
WSAGetServiceClassNameByClassIdW
WSAHtonl
WSAHtons
WSAInstallServiceClassA
WSAInstallServiceClassW
WSAIoctl
WSAIsBlocking
WSAJoinLeaf
WSALookupServiceBeginA
WSALookupServiceBeginW
WSALookupServiceEnd
WSALookupServiceNextA
WSALookupServiceNextW
WSANSPIoctl
WSANtohl
WSANtohs
WSAProviderConfigChange
WSARecv
WSARecvDisconnect
WSARecvFrom
WSARemoveServiceClass
WSAResetEvent
WSASend
WSASendDisconnect
WSASendTo
WSASetBlockingHook
WSASetEvent
WSASetLastError
WSASetServiceA
WSASetServiceW
WSASocketA
WSASocketW
WSAStartup
WSAStringToAddressA
WSAStringToAddressW
WSAUnhookBlockingHook
WSAWaitForMultipleEvents
WSApSetPostRoutine
WSCDeinstallProvider
WSCEnableNSProvider
WSCEnumProtocols
WSCGetProviderPath
WSCInstallNameSpace
WSCInstallProvider
WSCUnInstallNameSpace
WSCUpdateProvider
WSCWriteNameSpaceOrder
WSCWriteProviderOrder
__WSAFDIsSet
accept
bind
closesocket
connect
freeaddrinfo
getaddrinfo
gethostbyaddr
gethostbyname
gethostname
getnameinfo
getpeername
getprotobyname
getprotobynumber
getservbyname
getservbyport
getsockname
getsockopt
htonl
htons
inet_addr
inet_ntoa
ioctlsocket
listen
ntohl
ntohs
recv
recvfrom
select
send
sendto
setsockopt
shutdown
socket

Sections

.text
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7b7ba07d02c2d411051f0feeef422944

Headers

File Characteristics

PDB Paths

Imports

advapi32

kernel32

msvcrt

ntdll

ws2help

Exports

Exports

Sections

.text Size: 72KB - Virtual size: 72KB

.data Size: 2KB - Virtual size: 2KB

.rsrc Size: 1024B - Virtual size: 1016B

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 72KB - Virtual size: 72KB

.data
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 1024B - Virtual size: 1016B

.reloc
Size: 3KB - Virtual size: 3KB