3ac42560b8ded3afc559ef061623c317_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3ac42560b8ded3afc559ef061623c317_JaffaCakes118
Size

192KB
MD5

3ac42560b8ded3afc559ef061623c317
SHA1

37fa9762af3c5db6eda3557cc632171ba1fa1218
SHA256

5659059003899dfd0ad56aaa79a96eb31cc589e7a2a58d8d96fede7928570910
SHA512

7ed017fd95b3a356142a817b14b59956ad66c5518d82410ed825baae845a78536bfb542a44b4bbd3199d821ebb0755d79eb1424e9d0c538ad641f7862e1feaab
SSDEEP

3072:5EmRQTHmw10BnXFZRFIgntRvICnsnDTd6ahmih6RVOe9UElBz:5/GTGwWJvRugtRCnEIdmVOe9UE/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3ac42560b8ded3afc559ef061623c317_JaffaCakes118

Files

3ac42560b8ded3afc559ef061623c317_JaffaCakes118
.dll windows:4 windows x86 arch:x86

56769b88b1f4e1e90eec3fd222bd0be7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord772
ord6142
ord500
ord5860
ord540
ord6883
ord535
ord939
ord2818
ord860
ord6143
ord6283
ord6282
ord812
ord5862
ord559
ord798
ord2814
ord3810
ord533
ord1601
ord541
ord941
ord861
ord4278
ord825
ord926
ord2915
ord922
ord1158
ord3663
ord2841
ord2448
ord5440
ord6383
ord5450
ord6394
ord2044
ord2107
ord3903
ord5834
ord665
ord354
ord2614
ord1979
ord5572
ord5442
ord3318
ord5186
ord801
ord1182
ord537
ord5683
ord4129
ord858
ord800
ord823
ord342
ord924
ord1253
ord5710
ord1168

msvcrt

?terminate@@YAXXZ
_adjust_fdiv
_initterm
_onexit
__dllonexit
??1type_info@@UAE@XZ
strtol
wctomb
_mbccpy
_mbsnbcmp
_mbsstr
_mbclen
_mbsncmp
_mbschr
isspace
realloc
free
malloc
_errno
fopen
fseek
ftell
fclose
time
fprintf
_snprintf
_vsnprintf
atol
memmove
sprintf
_ftol
_except_handler3
_mbsicmp
atoi
_CxxThrowException
_mbscmp
_atoi64
__CxxFrameHandler
rename
strrchr
ctime
_itoa

kernel32

GetComputerNameA
QueryPerformanceCounter
QueryPerformanceFrequency
GetSystemInfo
DeleteFileA
GetModuleFileNameA

user32

FindWindowA
SendMessageA
PostMessageA
RegisterWindowMessageA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegQueryInfoKeyA
RegCloseKey
RegEnumKeyA

ole32

CoCreateInstance
CoUninitialize
CoSetProxyBlanket
CoInitialize

oleaut32

SysAllocString
VariantInit
SysFreeString
VariantClear

wsock32

WSAStartup
closesocket
select
send
WSACleanup
setsockopt
ioctlsocket
connect
gethostbyname
htons
socket

Exports

Exports

CollectHardwareAssert
CollectSoftwareAssert
CollectSystemAssert
CompareHWAssert
CompareSWAssert

Sections

.text
Size: 140KB - Virtual size: 138KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 744B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

56769b88b1f4e1e90eec3fd222bd0be7

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

advapi32

ole32

oleaut32

wsock32

Exports

Exports

Sections

.text Size: 140KB - Virtual size: 138KB

.rdata Size: 20KB - Virtual size: 18KB

.data Size: 12KB - Virtual size: 13KB

.rsrc Size: 4KB - Virtual size: 744B

.reloc Size: 12KB - Virtual size: 10KB

.text
Size: 140KB - Virtual size: 138KB

.rdata
Size: 20KB - Virtual size: 18KB

.data
Size: 12KB - Virtual size: 13KB

.rsrc
Size: 4KB - Virtual size: 744B

.reloc
Size: 12KB - Virtual size: 10KB