34c80c7353a896f2e0a504b04eb10f71_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

34c80c7353a896f2e0a504b04eb10f71_JaffaCakes118
Size

110KB
MD5

34c80c7353a896f2e0a504b04eb10f71
SHA1

e4fc2e84a0cd70f381f720bfb963f8a86a2ad74e
SHA256

7015a447aa888d50baf553668611bf3c66058e76a305f9904dd00230c5c94fc5
SHA512

a68821eae2f96268f85568fd3f25e3dbfb17ecd9732c5689666a2d0bdb7600acd11abb7cf6dadeb9886706a984c176a7e57dbb2ceb84a844648ad9fede690d1f
SSDEEP

1536:iIXbIMIqkuvfZ/AuwTVxsKDjirfmWHfqeyqkaUiqvic8fO89:i0fxxvfGTVaCkiqRue

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
34c80c7353a896f2e0a504b04eb10f71_JaffaCakes118

Files

34c80c7353a896f2e0a504b04eb10f71_JaffaCakes118
.dll windows:4 windows x86 arch:x86

94b1b31b83541b0caf4c2392e00e045c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DeleteFileA
SetThreadPriority
CloseHandle
Sleep
WriteFile
GetTempPathA
ReadFile
GetFileSize
CreateFileA
TerminateThread
CreateToolhelp32Snapshot
GetCurrentProcessId
TerminateProcess
CreateEventA
OpenEventA
GetCommandLineA
GetTickCount
OutputDebugStringA
GetWindowsDirectoryA
Process32Next
GetModuleHandleA
GetComputerNameA
GetVolumeInformationA
GetLocalTime
CreateProcessA
OpenProcess
GetSystemDirectoryA
GetCurrentThreadId
DeviceIoControl
ExitProcess
DisableThreadLibraryCalls
VirtualAlloc
VirtualFree
GetLastError
MultiByteToWideChar
WriteProcessMemory
VirtualProtectEx
ReadProcessMemory
SetErrorMode
GlobalAlloc
GlobalLock
LoadLibraryA
GetProcAddress
GlobalUnlock
GlobalFree
IsBadReadPtr
CreateThread
WideCharToMultiByte
GetModuleFileNameA
Process32First
GetCurrentProcess

user32

GetWindowThreadProcessId
EnumWindows
GetWindowTextA
GetMessageA
PostMessageA
wsprintfA
PostThreadMessageA
GetInputState
ClipCursor

wininet

InternetCloseHandle
HttpQueryInfoA
InternetOpenUrlA
InternetOpenA
InternetReadFile
InternetOpenUrlW
InternetOpenW

ws2_32

inet_ntoa
getpeername

advapi32

RegQueryValueExA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegFlushKey
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA

netapi32

Netbios

iphlpapi

GetAdaptersInfo

msvcrt

_strlwr
strncat
time
srand
??2@YAPAXI@Z
strstr
atoi
strchr
strrchr
__CxxFrameHandler
sprintf
??3@YAXPAX@Z
wcscmp
wcslen
free
_initterm
malloc
_adjust_fdiv
_stricmp
_strupr
_strdup
abort

Sections

.text
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

zdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

vdata
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

94b1b31b83541b0caf4c2392e00e045c

Headers

File Characteristics

Imports

kernel32

user32

wininet

ws2_32

advapi32

netapi32

iphlpapi

msvcrt

Sections

.text Size: 92KB - Virtual size: 91KB

zdata Size: 9KB - Virtual size: 9KB

vdata Size: 1024B - Virtual size: 1024B

.reloc Size: 7KB - Virtual size: 7KB

.text
Size: 92KB - Virtual size: 91KB

zdata
Size: 9KB - Virtual size: 9KB

vdata
Size: 1024B - Virtual size: 1024B

.reloc
Size: 7KB - Virtual size: 7KB