4ae259f1072dbd6322cf45c226165206_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4ae259f1072dbd6322cf45c226165206_JaffaCakes118
Size

17KB
MD5

4ae259f1072dbd6322cf45c226165206
SHA1

2560cdf32e2bbc5fae7756916a66e85654706a24
SHA256

32f8b849a1e4af272d00e551e0e49b8e3daf065b228f7681495988bac4a7c5e0
SHA512

008cc4b01216b539a95625b6d2b8bb812141631a5ff4feca366c64ccd931e3528915da46361f0c45bc64f45585a16fbd14f9f684f26d4bbb2a05e168526f750d
SSDEEP

384:qxLZQlvIhl402tdUwIZ8tqMmeBERQEPNDl9e0gC:Y+IhuUwrtke8PB7gC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4ae259f1072dbd6322cf45c226165206_JaffaCakes118

Files

4ae259f1072dbd6322cf45c226165206_JaffaCakes118
.dll windows:4 windows x86 arch:x86

0f493d1d7a77dc21ed036569414eba5e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
LoadLibraryA
OutputDebugStringA
ExpandEnvironmentStringsA
FreeLibrary
ExitThread
GetModuleHandleA
Sleep
FindClose
FindNextFileA
FindFirstFileA
Process32Next
Process32First
CreateToolhelp32Snapshot
OpenProcess
GetDiskFreeSpaceExA
GetVolumeInformationA
lstrcmpiA
GetDriveTypeA
GetModuleFileNameA
CreateProcessA
GlobalMemoryStatus
GetVersionExA
GetComputerNameA
SetEvent
TerminateThread
OpenEventA
DeleteFileA
GetCurrentProcess
SetFileAttributesA
CopyFileA
CreateEventA
SetFilePointer
GetFileSize
OpenMutexA
WaitForSingleObject
HeapFree
GetProcessHeap
CreateMutexA
GetLastError
CloseHandle
CreateThread
lstrlenA
GetSystemDirectoryA
CreateFileA
GetTickCount
WriteFile
ReadFile
lstrcpyA
GetLogicalDriveStringsA
lstrcatA
HeapAlloc

user32

wsprintfA

advapi32

CreateProcessAsUserA
LookupPrivilegeValueA
OpenProcessToken
AdjustTokenPrivileges
RegSetValueExA
RegDeleteValueA
GetUserNameA
RegOpenKeyExA
RegCreateKeyA
RegQueryValueExA
RegCloseKey
DuplicateTokenEx

shell32

StrStrIA

ws2_32

closesocket
send
recv
select
__WSAFDIsSet
inet_ntoa
socket
htons
gethostbyname
connect
gethostname
WSACleanup
WSAStartup
WSASocketA

msvcrt

rand
memcpy
strncpy
memmove
_splitpath
__CxxFrameHandler
sprintf
strcpy
srand
memset

Exports

Exports

WSPStartup

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0f493d1d7a77dc21ed036569414eba5e

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ws2_32

msvcrt

Exports

Exports

Sections

.text Size: 11KB - Virtual size: 10KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 1016B

.text
Size: 11KB - Virtual size: 10KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 1016B