46e387f68444b3467a09c72eab1c8d72_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

46e387f68444b3467a09c72eab1c8d72_JaffaCakes118
Size

236KB
MD5

46e387f68444b3467a09c72eab1c8d72
SHA1

87822e87c8210e309fd7625d15e2d70934b215ec
SHA256

e6801bd7c9fb56da0a0246b5a5db9abd954fccbba27d5a0015522c9759a70075
SHA512

6ea6c6c95962b10f0598ca2c0ef9a59d4fdef4e4908cffaaab083486df960cb152d9d948f2deb60ffa5e34f04ec3ed719281853e58976e6c585e809e085b70eb
SSDEEP

6144:3hcHD9235mMZO6qNLupXlGqkLc90v1QnnoL:RID923EMZcNLupXlT14g

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
46e387f68444b3467a09c72eab1c8d72_JaffaCakes118

Files

46e387f68444b3467a09c72eab1c8d72_JaffaCakes118
.dll windows:4 windows x86 arch:x86

abbdc6cc974ef9fea9bfcf8fc00f1ad3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

Sleep
GetExitCodeThread
SetEvent
WaitForSingleObject
WaitForMultipleObjects
CreateEventA
InitializeCriticalSection
CloseHandle
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
ResetEvent
lstrlenA
InterlockedIncrement
InterlockedDecrement
LCMapStringW
LCMapStringA
LoadLibraryA
InterlockedExchange
GetLastError
CreateThread
GetCurrentThreadId
TlsSetValue
TlsGetValue
ExitThread
RtlUnwind
ResumeThread
RaiseException
GetCommandLineA
GetVersion
HeapFree
TlsAlloc
TlsFree
SetLastError
HeapAlloc
ExitProcess
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
HeapReAlloc
HeapSize
SetUnhandledExceptionFilter
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
WriteFile
VirtualAlloc
IsBadWritePtr
IsBadReadPtr
IsBadCodePtr
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
GetCPInfo
GetACP
GetOEMCP
GetProcAddress

user32

wsprintfA

wsock32

WSAStartup
socket
bind
getsockname
ntohs
closesocket
htons
sendto
select
recvfrom
gethostbyname
setsockopt

Exports

Exports

OkiSnmpc_ClosePort
OkiSnmpc_OpenPort
OkiSnmpc_PostSnmpMessage
OkiSnmpc_SetTrap1Proc

Sections

.text
Size: 60KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 144KB - Virtual size: 142KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

abbdc6cc974ef9fea9bfcf8fc00f1ad3

Headers

File Characteristics

Imports

kernel32

user32

wsock32

Exports

Exports

Sections

.text Size: 60KB - Virtual size: 58KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 12KB - Virtual size: 12KB

.rsrc Size: 144KB - Virtual size: 142KB

.reloc Size: 8KB - Virtual size: 4KB

.text
Size: 60KB - Virtual size: 58KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 12KB - Virtual size: 12KB

.rsrc
Size: 144KB - Virtual size: 142KB

.reloc
Size: 8KB - Virtual size: 4KB