3c1d2ebefd64d11990e37e22cea817b2_JaffaCakes118

General

Target

3c1d2ebefd64d11990e37e22cea817b2_JaffaCakes118
Size

17KB
MD5

3c1d2ebefd64d11990e37e22cea817b2
SHA1

524c4429fab4c45429b9600230da789647e04da2
SHA256

d8cf31e7c3b45b58c03ff0022b0571ca2b0b8675da2439c72c6e35d96eae0c69
SHA512

776cff962e3779d4edc0dfe4ba15e3f2f78f9946d12d7a1aed62b0784a0b648f968ebf4d13d3392213daeb74d0571f82f55cb6ca0f75decd2d9b8bdb6c61576e
SSDEEP

384:zTuRI7UtPuo/046kU94DXveCLReQKgGDEsLyXbhm:XtyPuoM46+2pQ+DsXbh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3c1d2ebefd64d11990e37e22cea817b2_JaffaCakes118

Files

3c1d2ebefd64d11990e37e22cea817b2_JaffaCakes118
.dll windows:4 windows x86 arch:x86

bb73ab73d95f334699d68788fb798b69

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wsock32

htons
inet_addr
gethostbyname
recv
inet_ntoa
WSAStartup
ioctlsocket
send
socket
connect
WSACleanup
closesocket

user32

SetClipboardData
CloseClipboard
SetFocus
ShowWindow
keybd_event
EmptyClipboard
OpenClipboard
SetForegroundWindow
BlockInput
VkKeyScanA

advapi32

RegSetValueExA
RegCreateKeyA
RegCloseKey

wininet

InternetOpenUrlA
InternetOpenA
InternetReadFile

msvcrt

_CxxThrowException
fwrite
_onexit
__dllonexit
memcpy
toupper
strlen
strcpy
sprintf
memset
strcat
??3@YAXPAX@Z
??2@YAPAXI@Z
__CxxFrameHandler
rand
srand
malloc
time
system
fclose
??1type_info@@UAE@XZ
fopen
strtok
strstr
atoi
free
_initterm
_adjust_fdiv

ole32

CoCreateInstance
CoInitialize
CoUninitialize

oleaut32

GetErrorInfo
VariantClear
SysAllocString
VariantInit
SysFreeString

kernel32

LocalFree
lstrlenA
MultiByteToWideChar
DisableThreadLibraryCalls
CreateThread
CreateMutexA
LoadLibraryA
GlobalUnlock
lstrcmpiA
CreateProcessA
GetLocaleInfoA
Sleep
GetTickCount
InterlockedDecrement
GetWindowsDirectoryA
GlobalAlloc
GlobalLock
GetLastError
GetProcAddress

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bb73ab73d95f334699d68788fb798b69

Headers

File Characteristics

Imports

wsock32

user32

advapi32

wininet

msvcrt

ole32

oleaut32

kernel32

Sections

.text Size: 11KB - Virtual size: 10KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 2KB

.reloc Size: 1024B - Virtual size: 992B

.text
Size: 11KB - Virtual size: 10KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 2KB

.reloc
Size: 1024B - Virtual size: 992B