302bb9d9e91c5dc79adc1bd2394bc42c_JaffaCakes118

General

Target

302bb9d9e91c5dc79adc1bd2394bc42c_JaffaCakes118
Size

60KB
MD5

302bb9d9e91c5dc79adc1bd2394bc42c
SHA1

2099743f6509ff76f96c6f83a8cae4bd993b327e
SHA256

fde92f66a2eca4491ce438a48b3bb55ed1cf02a1e4e553eed04f39e3e60cbfd0
SHA512

cc2118e029c6cec9d4480ab9ce45506cc8e889e8fc039b169ee6d9b23d6b52e84d2bb287632f9b47fa87e1a47add08542205584aacc9b3250097b8ee9cf2feee
SSDEEP

1536:eUWaE/VdL3GOWCtbMYuqUqV9z27VDw0foaQSWDiYxqxvBJ264kIWeoI6Gz:eFaE/VdL3GOWCyYQqVF27VDw0foaeiYd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
302bb9d9e91c5dc79adc1bd2394bc42c_JaffaCakes118

Files

302bb9d9e91c5dc79adc1bd2394bc42c_JaffaCakes118
.dll windows:4 windows x86 arch:x86

79ccf481cdc9967745d6d976eebbfa2c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

setsockopt
connect
ioctlsocket
__WSAFDIsSet
htons
select
closesocket
WSASetLastError
WSAGetLastError
socket
htonl
inet_addr
ntohl
recv
send
WSAStartup
gethostbyname
gethostname
inet_ntoa
WSACleanup

winmm

timeGetTime

kernel32

GetTickCount
WaitForSingleObject
GetExitCodeThread
SetLastError
lstrcpyA
CreateProcessA
WritePrivateProfileStringA
GetPrivateProfileStringA
GetSystemDirectoryA
SetCurrentDirectoryA
WinExec
FindFirstFileA
FindNextFileA
GetLastError
CloseHandle

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExA
RegDeleteKeyA
RegCloseKey

shell32

SHGetSpecialFolderPathA

msvcrt

strstr
strtoul
strrchr
strchr
memmove
sscanf
_pctype
__mb_cur_max
_isctype
strtol
fputc
_ftol
_strdup
toupper
fflush
strftime
gmtime
_initterm
_adjust_fdiv
atoi
_errno
strncpy
strncat
free
calloc
fwrite
fclose
fopen
remove
fgetc
sprintf
_access
malloc
rand
srand
time
fread
_iob
vsprintf
realloc
_beginthreadex

Exports

Exports

CheckConnectionAndGetIP
SwindleWebBrowser
UseThisCode

Sections

.text
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

79ccf481cdc9967745d6d976eebbfa2c

Headers

File Characteristics

Imports

ws2_32

winmm

kernel32

advapi32

shell32

msvcrt

Exports

Exports

Sections

.text Size: 44KB - Virtual size: 41KB

.rdata Size: 4KB - Virtual size: 1KB

.data Size: 4KB - Virtual size: 3KB

.reloc Size: 4KB - Virtual size: 1KB

.text
Size: 44KB - Virtual size: 41KB

.rdata
Size: 4KB - Virtual size: 1KB

.data
Size: 4KB - Virtual size: 3KB

.reloc
Size: 4KB - Virtual size: 1KB