32e7880a926b2c0b0cc6321aa2294932_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

32e7880a926b2c0b0cc6321aa2294932_JaffaCakes118
Size

24KB
MD5

32e7880a926b2c0b0cc6321aa2294932
SHA1

813e401b35d8730c93fcee0123a9590dcdae9202
SHA256

36b62b8896e6eea3bd6b1e26abd4ad51601827d3b50fd0e33e16be2162ce0a49
SHA512

8e4106beafb0d58140fff61bb134184e023e0ee319901c8ece514baa2fca45354f5506657fa9b2f731abe5273923eedc0f8bec53b8903039754f5440446e7db1
SSDEEP

768:sKw0ZK3kPnTg7LIExlVbaNbbT1cLXE5nb:7w0ZK30E7LTL9ccE5b

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
32e7880a926b2c0b0cc6321aa2294932_JaffaCakes118

Files

32e7880a926b2c0b0cc6321aa2294932_JaffaCakes118
.dll windows:4 windows x86 arch:x86

a996fe5499a23dec8f7f62d231cdc40e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

Sleep
CreateThread
ReadFile
GetModuleFileNameA
GetTempPathA
GetWindowsDirectoryA
Process32Next
Process32First
CreateToolhelp32Snapshot
GetSystemDirectoryA
MoveFileExA
GetTempFileNameA
GetFileAttributesA
TerminateProcess
OpenProcess
CopyFileA
MoveFileA
GetTickCount
GetCommandLineA
SetFilePointer
DeleteFileA
CreateFileA
CloseHandle
LoadLibraryA
GetProcAddress
GetModuleHandleA
GlobalAlloc
VirtualProtect
CreateMutexA
GetLastError
ExitProcess
IsBadReadPtr

user32

wsprintfA

msvcp60

??0_Lockit@std@@QAE@XZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??0Init@ios_base@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ

ws2_32

connect
htons
gethostbyname
socket
recv
inet_ntoa
WSAStartup
send
WSACleanup
inet_addr
closesocket

psapi

GetModuleFileNameExA

wininet

InternetReadFile
InternetOpenUrlA
InternetOpenA
InternetCloseHandle

msvcrt

_access
strrchr
strcat
memset
strchr
strncpy
strstr
free
_onexit
_initterm
_adjust_fdiv
_getpid
_stricmp
_strlwr
_strrev
__dllonexit
malloc
??2@YAPAXI@Z
memcpy
__CxxFrameHandler
strcmp
strlen
atoi
sprintf
strcpy

netapi32

Netbios

Exports

Exports

COMResModuleInstance
DriverProc
KsCreateAllocator
KsCreatePin
KsCreateTopologyNode
ServerMain
modMessage
modmCallback

Sections

.text
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 541KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a996fe5499a23dec8f7f62d231cdc40e

Headers

File Characteristics

Imports

kernel32

user32

msvcp60

ws2_32

psapi

wininet

msvcrt

netapi32

Exports

Exports

Sections

.text Size: 15KB - Virtual size: 14KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 1KB - Virtual size: 541KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 15KB - Virtual size: 14KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 1KB - Virtual size: 541KB

.reloc
Size: 3KB - Virtual size: 3KB