43ad86b7e5e4161c101888a31d91a59f_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

43ad86b7e5e4161c101888a31d91a59f_JaffaCakes118
Size

23KB
MD5

43ad86b7e5e4161c101888a31d91a59f
SHA1

dcd9fa6ea791ef8d4a735e7285e0981faee640b4
SHA256

de6c40b59dbfae6f8c7693f958797f5d646ca63676e0fc700c6f977a3c89afe6
SHA512

a8cc6df8535474d7e705478dc2e630bcc0125afeb9bbc4b03aeae76ec36ff85228286344f0560bd965d77a99b3214b546d7d39b35428d9695a7d98e6e8558981
SSDEEP

384:XvxfA7SZf2GKIpbZCXno5zEGdQN7bXFr1QHM3mNFX81x:XZuSZ+G2adCXFr1QHM3o81x

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
43ad86b7e5e4161c101888a31d91a59f_JaffaCakes118

Files

43ad86b7e5e4161c101888a31d91a59f_JaffaCakes118
.dll windows:4 windows x86 arch:x86

4d0d6e69b54ba5551ed79e7e13eb22a7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wininet

HttpQueryInfoA
InternetCloseHandle
InternetOpenUrlA
InternetReadFile
InternetOpenA
InternetSetOptionA

ws2_32

gethostbyname
WSAStartup
inet_ntoa
inet_addr

shlwapi

SHDeleteKeyA

mfc42

ord3738
ord561
ord815
ord4424
ord4622
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord269
ord826
ord1116
ord600
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5714
ord5289
ord5307
ord4698
ord4079
ord2725
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord823
ord825
ord1578
ord6467
ord1255
ord1253
ord1570
ord1197
ord1243
ord342
ord1182
ord1577
ord1168
ord1575
ord1176

msvcrt

??1type_info@@UAE@XZ
_adjust_fdiv
malloc
_initterm
free
_onexit
__dllonexit
_except_handler3
strstr
fseek
fopen
fwrite
fclose
_EH_prolog
__CxxFrameHandler
strcpy
sprintf
memcpy
strchr
atoi
memset
fread

kernel32

GetModuleFileNameA
GetShortPathNameA
GetEnvironmentVariableA
GetCurrentProcess
SetPriorityClass
GetCurrentThread
SetThreadPriority
CreateProcessA
ResumeThread
DeleteFileA
Sleep
FreeLibrary
GetVersion
DeviceIoControl
GetCurrentProcessId
CloseHandle
lstrlenA
lstrcmpA
lstrcpyA
LoadLibraryA
GetProcAddress
CreateRemoteThread
GetModuleHandleA
WriteProcessMemory
VirtualAllocEx
lstrlenW
OpenProcess
MultiByteToWideChar
LocalFree
LocalAlloc
CreateFileA
ExitProcess
FreeLibraryAndExitThread
GetSystemDirectoryA
GetStartupInfoA
CreateThread
DisableThreadLibraryCalls
VirtualFreeEx
lstrcatA
WaitForSingleObject

user32

wsprintfA
CharUpperA

advapi32

DeleteService
ControlService
OpenServiceA
StartServiceA
CreateServiceA
CloseServiceHandle
RegOpenKeyExA
RegCloseKey
OpenSCManagerA

Exports

Exports

ServiceMain

Sections

.text
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 267B - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 822B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4d0d6e69b54ba5551ed79e7e13eb22a7

Headers

File Characteristics

Imports

wininet

ws2_32

shlwapi

mfc42

msvcrt

kernel32

user32

advapi32

Exports

Exports

Sections

.text Size: 9KB - Virtual size: 12KB

.rdata Size: 4KB - Virtual size: 8KB

.data Size: 267B - Virtual size: 12KB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 822B - Virtual size: 1024B

.text
Size: 9KB - Virtual size: 12KB

.rdata
Size: 4KB - Virtual size: 8KB

.data
Size: 267B - Virtual size: 12KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 822B - Virtual size: 1024B