3c64527f8f5fa22c556467fafb68d49b_JaffaCakes118

General

Target

3c64527f8f5fa22c556467fafb68d49b_JaffaCakes118
Size

92KB
MD5

3c64527f8f5fa22c556467fafb68d49b
SHA1

864343935a8f351a718757c3b60c2678fbebecea
SHA256

c3762cd0c8703c12d8446f1c22d31c6fd1c83e029aefd5cfc43fbe3ca6243b34
SHA512

25dd9dfa81b5f651ec84259e02b94432ae7ff1e02df5f2e71dc8c228d58655b6e10fa8769bfdb34cc7400d4eee09bc6523c95325cbe081c2e6ce98a90a0d27af
SSDEEP

1536:n8UZsv9INF3WZvLu2I9Tl84tnN+oxzAkeolX:VZs9ImpM/ZIideo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3c64527f8f5fa22c556467fafb68d49b_JaffaCakes118

Files

3c64527f8f5fa22c556467fafb68d49b_JaffaCakes118
.dll windows:4 windows x86 arch:x86

e831d7ffd2788af9e7b9bf0da6da00a6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

HeapAlloc
GetVersionExA
ExitThread
GetExitCodeThread
CloseHandle
WaitForMultipleObjects
CreateThread
Sleep
GetModuleFileNameA
FreeLibrary
GetProcAddress
LoadLibraryA
SetLastError
GetTickCount
GetLastError
GetPrivateProfileStringA
CreateFileA
LCMapStringA
LCMapStringW
InterlockedIncrement
EnterCriticalSection
TlsSetValue
SetEndOfFile
GetOEMCP
GetACP
SetFilePointer
ReadFile
GetStringTypeW
GetStringTypeA
GetCPInfo
SetStdHandle
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
TlsGetValue
TlsFree
TlsAlloc
InterlockedDecrement
RtlUnwind
GetCurrentThreadId
LeaveCriticalSection
HeapFree
GetLocalTime
HeapReAlloc
GetCommandLineA
GetVersion
InitializeCriticalSection
DeleteCriticalSection
ExitProcess
WideCharToMultiByte
MultiByteToWideChar
GetCurrentProcess
TerminateProcess
FlushFileBuffers
WriteFile
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
VirtualAlloc
HeapSize
GetModuleHandleA
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree

user32

TranslateMessage
wsprintfA
PeekMessageA
DispatchMessageA

ws2_32

sendto
inet_ntoa
htonl
recv
setsockopt
__WSAFDIsSet
select
gethostbyname
gethostname
socket
inet_addr
bind
WSAIoctl
closesocket
WSAGetLastError
ntohs
htons
ntohl
gethostbyaddr

Exports

Exports

GetPluginInfo
PluginFunc

Sections

.text
Size: 56KB - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e831d7ffd2788af9e7b9bf0da6da00a6

Headers

File Characteristics

Imports

kernel32

user32

ws2_32

Exports

Exports

Sections

.text Size: 56KB - Virtual size: 53KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 20KB - Virtual size: 120KB

.reloc Size: 8KB - Virtual size: 5KB

.text
Size: 56KB - Virtual size: 53KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 20KB - Virtual size: 120KB

.reloc
Size: 8KB - Virtual size: 5KB