WSPStartup
Static task
static1
Behavioral task
behavioral1
Sample
41e96a853eb5aff92eee691aec4b5514_JaffaCakes118.dll
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
41e96a853eb5aff92eee691aec4b5514_JaffaCakes118.dll
Resource
win10v2004-20240709-en
General
Target
41e96a853eb5aff92eee691aec4b5514_JaffaCakes118
Size
96KB
MD5
41e96a853eb5aff92eee691aec4b5514
SHA1
1b8af99512c39ac6ab94b8477a056c2ce9991137
SHA256
d2cec748ff277002601f35394c4a1aed0216fd8ba8fa94be10a4b4f9846248c2
SHA512
924e6df1bea28c572b9d35e72169c73b6b0ab94eb6a38dd06ba0ca90fd8e71d5e59e02b98f2faf691335a89130e580721ee098a144ed31f08e82fae96a769b49
SSDEEP
768:lVkimNrTgo766xiA7vMF3Dm60zLibLTlxjTWQ11T7iXqi4rlUI3KbhSdId2npTlI:lvexsA4Fr0YjTW1H4xUI6VSdVlHo
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 41e96a853eb5aff92eee691aec4b5514_JaffaCakes118
Files
41e96a853eb5aff92eee691aec4b5514_JaffaCakes118.dll windows:4 windows x86 arch:x86
d72cb64f4ac168478cb8c535708d6b20
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
ws2_32
WSCGetProviderPath
WPUCompleteOverlappedRequest
WSAGetLastError
WSASetLastError
WSCEnumProtocols
rpcrt4
NdrClientCall2
RpcStringBindingComposeA
RpcBindingFromStringBindingA
kernel32
CloseHandle
LeaveCriticalSection
SleepEx
CreateThread
EnterCriticalSection
GetLastError
ResetEvent
WaitForSingleObject
HeapAlloc
CreateSemaphoreA
GetSystemInfo
CreateIoCompletionPort
WaitForMultipleObjectsEx
PostQueuedCompletionStatus
ReleaseSemaphore
ExitThread
GetQueuedCompletionStatus
WaitForSingleObjectEx
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
InitializeCriticalSection
HeapFree
SetEvent
OutputDebugStringA
GetCurrentProcessId
TlsAlloc
GetLongPathNameA
GetModuleFileNameA
FreeLibrary
LocalFree
LoadLibraryA
GetProcAddress
GetModuleHandleA
TlsSetValue
TlsGetValue
Sleep
WideCharToMultiByte
ExpandEnvironmentStringsA
LoadLibraryW
ExpandEnvironmentStringsW
HeapCreate
CreateEventA
HeapDestroy
SetStdHandle
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
MultiByteToWideChar
FlushFileBuffers
SetFilePointer
GetOEMCP
GetACP
GetCPInfo
TlsFree
RaiseException
GetProcessHeap
RtlUnwind
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
HeapReAlloc
HeapSize
GetCurrentThreadId
SetLastError
GetEnvironmentVariableA
GetVersionExA
VirtualFree
VirtualAlloc
IsBadWritePtr
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
WriteFile
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
user32
DefWindowProcA
PostQuitMessage
LoadIconA
LoadCursorA
wsprintfA
GetMessageA
TranslateMessage
DispatchMessageA
DestroyWindow
wvsprintfA
IsWindow
CreateWindowExA
RegisterClassA
gdi32
GetStockObject
Exports
Sections
.text Size: 56KB - Virtual size: 55KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 20KB - Virtual size: 25KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ