5dc82db7b096c7802cd4446691d688aa_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5dc82db7b096c7802cd4446691d688aa_JaffaCakes118
Size

17KB
MD5

5dc82db7b096c7802cd4446691d688aa
SHA1

8c7770b8dff72542e930e0dc394330668988a844
SHA256

fd1076ee515ae45a256056ce1550ae69d89d72c84872cbd320cff797409b7c2b
SHA512

6189a1d0e6a2462bf78405969d8933227c8daf5c33692d5fd88bce22ed84cb03e24de9bda7c1f675b92db2d0873d3419bad1bbf9298297919432ad1d1348f0db
SSDEEP

192:9gPB/eqjsQW0Jj05J57rhU8IOO7GvPSgt9B89xjsTQSmdQ+HnBpD9GmVXNEe7:96pAQW82rO8IZinFV6jsTQ9d9GmVXi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5dc82db7b096c7802cd4446691d688aa_JaffaCakes118

Files

5dc82db7b096c7802cd4446691d688aa_JaffaCakes118
.dll windows:4 windows x86 arch:x86

600694dfa0d44278689595de48443db7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

VirtualProtect
GetModuleHandleA
lstrcatA
GetModuleFileNameA
GlobalAlloc
GetFileSize
GetPrivateProfileStringA
GlobalLock
CreateFileA
WriteFile
GlobalUnlock
GlobalFree
MultiByteToWideChar
LoadLibraryA
GetProcAddress
CloseHandle
GetSystemDirectoryA
Sleep
GetCurrentDirectoryA

user32

GetDC
ReleaseDC
GetWindowRect
GetDesktopWindow

gdi32

DeleteObject
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
GetDIBits
RealizePalette
SelectPalette
GetStockObject
GetObjectA
DeleteDC
GetDeviceCaps
CreateDCA
BitBlt

ws2_32

gethostbyname
WSAStartup
inet_ntoa
WSACleanup
socket
inet_addr
htons
connect
send
recv
closesocket

wininet

InternetCloseHandle
InternetOpenA
InternetOpenUrlA
InternetReadFile

shlwapi

PathRemoveFileSpecA

gdiplus

GdipDisposeImage
GdipSaveImageToFile
GdipLoadImageFromFile
GdiplusStartup
GdipGetImageEncoders
GdipCloneImage
GdipAlloc
GdipFree
GdipGetImageEncodersSize

msvcrt

memcpy
strchr
strncmp
free
_initterm
_adjust_fdiv
fgets
strstr
fopen
fseek
fread
fclose
strncpy
malloc
wcscmp
strcmp
strlen
_beginthreadex
sprintf
??2@YAPAXI@Z
memset
strcat
??3@YAXPAX@Z
strcpy

Exports

Exports

InstallNTDSProvider
NSPStartup
RemoveNTDSProvider

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

600694dfa0d44278689595de48443db7

Headers

File Characteristics

Imports

kernel32

user32

gdi32

ws2_32

wininet

shlwapi

gdiplus

msvcrt

Exports

Exports

Sections

.text Size: 6KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 1KB - Virtual size: 2.0MB

.reloc Size: 6KB - Virtual size: 5KB

.text
Size: 6KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 1KB - Virtual size: 2.0MB

.reloc
Size: 6KB - Virtual size: 5KB