3f1f83ad208b40fdf006842e96a29640_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3f1f83ad208b40fdf006842e96a29640_JaffaCakes118
Size

28KB
MD5

3f1f83ad208b40fdf006842e96a29640
SHA1

9603432741808cd799909fc213324639107c6032
SHA256

349058b304ac5982d1e9a24262c0247ceb2b6f7b90eb6f3b6ff0ed83c4da7d1a
SHA512

987884d8a2f8f6d349d92e1179fae22c950c520fb32b82a89f07c762fd56613281064922f025745180d735da516e69ae3f666d29464ede37d7f8582044c8b135
SSDEEP

768:llzzvPIWPr6RL/yV0HrJkxNsTXqs+f9q:llzzvPIvL/yVcAs7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3f1f83ad208b40fdf006842e96a29640_JaffaCakes118

Files

3f1f83ad208b40fdf006842e96a29640_JaffaCakes118
.dll windows:4 windows x86 arch:x86

2f68100aea2365c81b1c3bb67112c7be

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord1158
ord540
ord860
ord924
ord858
ord535
ord2846
ord537
ord2764
ord6648
ord1168
ord4129
ord800
ord2915
ord825
ord823

msvcrt

_adjust_fdiv
_initterm
free
malloc
strncmp
exit
strncpy
strstr
sprintf
strchr
_strcmpi
rand
atoi
__CxxFrameHandler
time
srand

kernel32

Process32First
CreateProcessA
GetModuleHandleA
GetProcAddress
OpenProcess
CreateToolhelp32Snapshot
WriteProcessMemory
CreateRemoteThread
TerminateProcess
CloseHandle
lstrlenA
CreateThread
WinExec
GetSystemDirectoryA
GlobalMemoryStatus
VirtualAllocEx
Process32Next
UnmapViewOfFile
CreateMutexA
CreateFileMappingA
GetLastError
MapViewOfFile
WaitForSingleObject
ReleaseMutex
ExitThread
Sleep
GetVersionExA

user32

wsprintfA

advapi32

RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA

urlmon

URLDownloadToFileA

ws2_32

inet_addr
htons
socket
closesocket
WSAStartup
connect
send
WSAGetLastError
__WSAFDIsSet
select
setsockopt
gethostbyname
recv

winmm

timeGetTime

Sections

.text
Size: - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.delete
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.pklstb
Size: 22KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.relo2
Size: 512B - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2f68100aea2365c81b1c3bb67112c7be

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

advapi32

urlmon

ws2_32

winmm

Sections

.text Size: - Virtual size: 35KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: - Virtual size: 5KB

.rsrc Size: 1KB - Virtual size: 1KB

.delete Size: 512B - Virtual size: 2KB

.pklstb Size: 22KB - Virtual size: 38KB

.relo2 Size: 512B - Virtual size: 128B

.text
Size: - Virtual size: 35KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: - Virtual size: 5KB

.rsrc
Size: 1KB - Virtual size: 1KB

.delete
Size: 512B - Virtual size: 2KB

.pklstb
Size: 22KB - Virtual size: 38KB

.relo2
Size: 512B - Virtual size: 128B