4a59d3a7976e46884d5e80c780598f03_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

4a59d3a7976e46884d5e80c780598f03_JaffaCakes118
Size

25KB
MD5

4a59d3a7976e46884d5e80c780598f03
SHA1

6fb43e2ae838e065e91c01fae04bfaa35e02ad5f
SHA256

bdf121f921bf1a94af9a06cf4b7755b1d9a291de3e27cc111243591d85c5e2d6
SHA512

b1d401bc0b8604297c4ff7bf2a372f6f9889052d8b5ddf1c7d0bfad3ee607b31d972ae8bc013d66378beae0a38be404c59e096ce36c0f577b1d4b9234912e492
SSDEEP

384:6Fq8kSCOk7cRodTeC1ZkefDKXl87JHgxS4T1+:Qq8MZndTeC9KVqJHgxB1+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4a59d3a7976e46884d5e80c780598f03_JaffaCakes118

Files

4a59d3a7976e46884d5e80c780598f03_JaffaCakes118
.dll windows:4 windows x86 arch:x86

179453a9244438d0fa34ceab0ae4d61e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

iphlpapi

GetTcpTable
GetUdpTable

kernel32

CloseHandle
CreateFileA
CreateProcessA
DeleteCriticalSection
EnterCriticalSection
FindFirstFileA
FormatMessageA
FreeLibrary
GetEnvironmentVariableA
GetFileSize
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetPrivateProfileIntA
GetPrivateProfileStringA
GetProcAddress
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
LocalFree
OutputDebugStringA
ReadFile
Sleep
TlsGetValue
VirtualProtect
VirtualQuery
lstrcatA
lstrcmpA
lstrcpyA
lstrlenA

msvcrt

__dllonexit
_errno
_iob
_winmajor
abort
atoi
calloc
fflush
free
fwrite
malloc
memcpy
strstr
vfprintf

user32

BringWindowToTop
EnumWindows
GetClassNameA
GetWindowTextA
GetWindowThreadProcessId
MessageBoxA
wsprintfA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

ws2_32

WSACleanup
WSAGetLastError
WSAStartup
closesocket
connect
gethostbyname
htons
inet_addr
ioctlsocket
ntohs
recv
send
socket

Exports

Exports

CallRewe
Cfg
Cfg_int
Env
File
Find
FindPidFile
FreePort
Jpf
LastError
Numify
Open
PidFile
Request
Scan
Spawn
SpawnIf
StartRewe
Stringify
Synchronize
Test
_Join
_Request
dll
fini
jardiff

Sections

.text
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 296B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.eh_fram
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 268B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 497B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

179453a9244438d0fa34ceab0ae4d61e

Headers

File Characteristics

Imports

iphlpapi

kernel32

msvcrt

user32

version

ws2_32

Exports

Exports

Sections

.text Size: 10KB - Virtual size: 9KB

.data Size: 512B - Virtual size: 296B

.rdata Size: 1KB - Virtual size: 1KB

.eh_fram Size: 512B - Virtual size: 4B

.bss Size: - Virtual size: 268B

.edata Size: 512B - Virtual size: 497B

.idata Size: 2KB - Virtual size: 2KB

.CRT Size: 512B - Virtual size: 24B

.tls Size: 512B - Virtual size: 32B

.reloc Size: 1024B - Virtual size: 588B

.text
Size: 10KB - Virtual size: 9KB

.data
Size: 512B - Virtual size: 296B

.rdata
Size: 1KB - Virtual size: 1KB

.eh_fram
Size: 512B - Virtual size: 4B

.bss
Size: - Virtual size: 268B

.edata
Size: 512B - Virtual size: 497B

.idata
Size: 2KB - Virtual size: 2KB

.CRT
Size: 512B - Virtual size: 24B

.tls
Size: 512B - Virtual size: 32B

.reloc
Size: 1024B - Virtual size: 588B