2ea7d8623aad84b583c4c20094a4d703_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2ea7d8623aad84b583c4c20094a4d703_JaffaCakes118
Size

80KB
MD5

2ea7d8623aad84b583c4c20094a4d703
SHA1

1d6ab2e657146b25ca1ba9b392989a036e775049
SHA256

b5bd10d2d6c8ecaed023e40a09446631da9d698a5fffc42d63da414731b6c65b
SHA512

9413f0a3414c3983410f0ae53a73c461111f97f698a3fb31cf21fb1dcccc46ede7a53392d30fcb7186432fbf7081ed89007731639cc368681f97bd5341a3850d
SSDEEP

1536:fzJ6YGOFqT9/zAcdEnK0zXZjaT0si7xOkuZlasReVh:fz+xzAAb0TZjaGuZlDQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2ea7d8623aad84b583c4c20094a4d703_JaffaCakes118

Files

2ea7d8623aad84b583c4c20094a4d703_JaffaCakes118
.dll windows:4 windows x86 arch:x86

81605334d86e512a034d950e4c2cf5eb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
CloseHandle
WriteFile
CreateFileA
GetLastError
GlobalAlloc
GlobalFree
WritePrivateProfileStringA
GetPrivateProfileIntA
SetFilePointer
ReadFile
InterlockedIncrement
InterlockedDecrement
GetPrivateProfileStringA
WideCharToMultiByte
GetProcAddress
GetModuleFileNameA
lstrcpynA
GetLocalTime
SetEndOfFile
CreateThread
ReleaseMutex
WaitForSingleObject
CreateMutexA
TerminateThread
LoadLibraryA
SetErrorMode
DeleteFileA
GetSystemDirectoryA
lstrlenA
LocalFree
MultiByteToWideChar
lstrcatA
lstrcpyA
GetTickCount
GetFileSize
Sleep

user32

wsprintfA
DefWindowProcA
EndPaint
FillRect
BeginPaint
DispatchMessageA
TranslateMessage
PeekMessageA
CreateWindowExA
RegisterClassExA
DestroyWindow
CharLowerA
GetMessageA
CallNextHookEx
SetParent
FindWindowA
SetWindowLongA
GetWindowLongA
SetTimer
SetWindowsHookExA
KillTimer
UnhookWindowsHookEx

gdi32

GetStockObject

advapi32

RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegCloseKey
RegOpenKeyA

ole32

OleInitialize
CoCreateInstance
OleUninitialize

oleaut32

VariantChangeType
VariantClear
VariantInit
SysFreeString
SysAllocString
VariantCopy

ws2_32

WSAStartup
socket
gethostbyname
htons
connect
send
closesocket

wininet

InternetCloseHandle
FindFirstUrlCacheEntryA
FindNextUrlCacheEntryA
DeleteUrlCacheEntry
FindCloseUrlCache
InternetOpenUrlA
InternetReadFile
InternetOpenA
InternetConnectA
FtpOpenFileA
InternetWriteFile

msvcp60

??0Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??1_Winit@std@@QAE@XZ

msvcrt

wcslen
_except_handler3
strcmp
_stricmp
srand
rand
strcat
_wcsnicmp
_strupr
_CxxThrowException
_onexit
_initterm
malloc
_adjust_fdiv
??1type_info@@UAE@XZ
_strcmpi
wcscmp
sprintf
atof
??2@YAPAXI@Z
memcpy
__dllonexit
strlen
strchr
free
wcstod
wcsstr
_wcslwr
_purecall
memset
__CxxFrameHandler
_strlwr
memcmp
strcpy
strstr

Sections

.text
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Shared
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

81605334d86e512a034d950e4c2cf5eb

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

ole32

oleaut32

ws2_32

wininet

msvcp60

msvcrt

Sections

.text Size: 40KB - Virtual size: 37KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 8KB - Virtual size: 11KB

Shared Size: 16KB - Virtual size: 15KB

.reloc Size: 4KB - Virtual size: 2KB

.text
Size: 40KB - Virtual size: 37KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 8KB - Virtual size: 11KB

Shared
Size: 16KB - Virtual size: 15KB

.reloc
Size: 4KB - Virtual size: 2KB