46f4660749a91ecc50456f98d2415c0d_JaffaCakes118

General

Target

46f4660749a91ecc50456f98d2415c0d_JaffaCakes118
Size

21KB
MD5

46f4660749a91ecc50456f98d2415c0d
SHA1

d4e868df4d1401a3141284050b669ab7322ad9ea
SHA256

1d06bcae67228548990e2200832fb0ea3a1a6b4a904e0837c6e15fb803cd4940
SHA512

9ba6b1f7e0f782558368f7cf858b37e295893f23ea66b5dcb73031ab71b14e1457be01c18fd9eb3ee7fc2accc2bf0516548c097e815d82fba2b237697712aeae
SSDEEP

384:ZrM5EosKEFYPO+mj6ehtORx+sWQzg8anG8BXDYa4A7VX:qk4O+mj6UOFWOkDYvs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
46f4660749a91ecc50456f98d2415c0d_JaffaCakes118

Files

46f4660749a91ecc50456f98d2415c0d_JaffaCakes118
.dll windows:4 windows x86 arch:x86

071a37086b611dc6b361019f36e9c79e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

OutputDebugStringA
GetLastError
WriteProcessMemory
VirtualProtectEx
MultiByteToWideChar
ReadProcessMemory
WaitForSingleObject
Sleep
CreateThread
CloseHandle
ReadFile
CreateFileA
GetSystemDirectoryA
WideCharToMultiByte
GetCurrentProcess
VirtualProtect
FreeLibrary
GetProcAddress
LoadLibraryA
TerminateProcess
GlobalAlloc
GlobalFree
LoadLibraryW
ExpandEnvironmentStringsW
GetCurrentProcessId
WriteFile
SetEvent
CreateEventA
OpenProcess
CreateMutexA
GetModuleFileNameA
HeapAlloc
GetProcessHeap
HeapFree
lstrlenA

ws2_32

htons
closesocket
recv
bind
select
WSCEnumProtocols
WSCGetProviderPath
listen
accept
gethostbyname
inet_ntoa
inet_addr
ntohs
socket
send
connect
__WSAFDIsSet
WSAGetLastError

user32

EnumWindows
GetWindowThreadProcessId
GetClassNameA
wsprintfA
IsCharAlphaNumericA
wvsprintfA
CharLowerBuffA

shell32

ShellExecuteA

Exports

Exports

WSPStartup

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

071a37086b611dc6b361019f36e9c79e

Headers

File Characteristics

Imports

kernel32

ws2_32

user32

shell32

Exports

Exports

Sections

.text Size: 12KB - Virtual size: 12KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 512B - Virtual size: 10KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 12KB - Virtual size: 12KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 512B - Virtual size: 10KB

.reloc
Size: 2KB - Virtual size: 1KB