5bfba2e749f0d6f406977a5d40a8e228_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

5bfba2e749f0d6f406977a5d40a8e228_JaffaCakes118
Size

36KB
MD5

5bfba2e749f0d6f406977a5d40a8e228
SHA1

1e46718eb519efce6b802664ddc8eabfc7eb9ac3
SHA256

e229463e278311563dade3352811c51cd3024fdbd787d781b1919a2d20927169
SHA512

95869ff2eeb964c5086c3759da34a39e35ffb7f5b5a90da6c49ad01b918e1fad6312502aaa80eb7acc7de1abf455f5ad2d8eac60bd6de724ba2393ebb24137be
SSDEEP

768:30dUQW8u8fXc0/ZNqwKC313T+hDbFyTrI:BouSXN/ZNqb0cC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5bfba2e749f0d6f406977a5d40a8e228_JaffaCakes118

Files

5bfba2e749f0d6f406977a5d40a8e228_JaffaCakes118
.dll windows:4 windows x86 arch:x86

600db880ee5050abaf345bf3fd58b114

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FindNextFileW
FindFirstFileW
lstrcmpW
Sleep
WriteFile
ReadFile
GetFileSize
CreateFileW
DeleteFileW
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
GetComputerNameW
FindClose
CreateMutexW
lstrcpyA
GetTempFileNameW
GetTempPathW
WinExec
CopyFileW
FreeLibrary
GetProcAddress
LoadLibraryW
GetShortPathNameW
CreateThread
SetEvent
OpenEventW
GetCurrentProcessId
lstrcmpA
LocalFree
GetLastError
CloseHandle
lstrcpyW
lstrcmpiW
lstrcatW
ReleaseMutex
lstrlenW

user32

UnhookWindowsHookEx
SetWindowsHookExW
CallNextHookEx

msvcrt

memmove
__CxxFrameHandler
strstr
_initterm
_adjust_fdiv
memcpy
sprintf
mbstowcs
swprintf
malloc
free
strlen
memset
rand
??2@YAPAXI@Z
??3@YAXPAX@Z
_CxxThrowException
wcstombs
??1type_info@@UAE@XZ

wininet

HttpSendRequestExW
HttpEndRequestW
InternetCloseHandle
InternetSetOptionW
HttpOpenRequestW
InternetConnectW
InternetOpenW
HttpQueryInfoW
InternetGetConnectedState

crypt32

CryptUnprotectData

advapi32

RegQueryValueExW
OpenSCManagerW
EnumServicesStatusW
CloseServiceHandle
RegEnumKeyExW
RegOpenKeyExW
RegCloseKey

ws2_32

inet_ntoa
WSAStartup
gethostbyname
ntohs
WSACleanup

oleaut32

GetErrorInfo

netapi32

NetServerEnum
NetUserEnum
NetApiBufferFree

iphlpapi

GetIpAddrTable
GetNumberOfInterfaces
GetTcpTable

mpr

WNetOpenEnumW
WNetCloseEnum
WNetEnumResourceW

shell32

SHGetSpecialFolderPathW

Exports

Exports

PlayWork
Wins32

Sections

.text
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Shared
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

600db880ee5050abaf345bf3fd58b114

Headers

File Characteristics

Imports

kernel32

user32

msvcrt

wininet

crypt32

advapi32

ws2_32

oleaut32

netapi32

iphlpapi

mpr

shell32

Exports

Exports

Sections

.text Size: 20KB - Virtual size: 20KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 4KB - Virtual size: 130KB

Shared Size: 3KB - Virtual size: 3KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 20KB - Virtual size: 20KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 130KB

Shared
Size: 3KB - Virtual size: 3KB

.reloc
Size: 3KB - Virtual size: 3KB