607b5495261e19fe9529e2a40b3f185e_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

607b5495261e19fe9529e2a40b3f185e_JaffaCakes118
Size

41KB
MD5

607b5495261e19fe9529e2a40b3f185e
SHA1

066f90a1b292778f7b92e98535abe723077b9355
SHA256

05bd70f6bed943549daeb984e278c5230a47b05dd323035ba2b14ca4e1110c25
SHA512

aa027f77b574ab24f7f73e93b34b567a0dec1e5f5359981aef0383bc111e7752f7bc35969143efd4538beffd39133e800f053fa972cf8527fca344ae914151c7
SSDEEP

768:suixcoH66wSeiYYPVhcwnt5m26PKnSsYo9gAp+qHhxDqkQX5/RGuh4i31sHKbD9:suixDrwhqhcKL/SHbo9gm1ApTP+qbD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
607b5495261e19fe9529e2a40b3f185e_JaffaCakes118

Files

607b5495261e19fe9529e2a40b3f185e_JaffaCakes118
.dll windows:5 windows x86 arch:x86

d79799b9bb8553f4e7df9a8604bb1643

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

connect
htons
recv
gethostbyname
send
WSACreateEvent
WSAGetLastError
socket
closesocket
WSAStartup
WSACleanup

crypt32

CryptStringToBinaryA
CryptBinaryToStringA

psapi

GetProcessImageFileNameA
EnumProcessModules
GetModuleBaseNameA
EnumProcesses

kernel32

DisconnectNamedPipe
CreateNamedPipeA
EnterCriticalSection
ResetEvent
SetNamedPipeHandleState
WaitForMultipleObjects
DeleteCriticalSection
CloseHandle
CreateThread
GetLastError
lstrcatA
lstrcmpiA
lstrcpyA
GetLocaleInfoA
FreeLibrary
InitializeCriticalSection
CreateProcessA
GetProcAddress
GetTempFileNameA
LoadLibraryA
GetVersionExA
GetTempPathA
HeapReAlloc
HeapAlloc
lstrcpynA
GetProcessHeap
ReadFile
GetModuleHandleExA
Sleep
GetModuleFileNameA
MoveFileExA
GetSystemDirectoryA
GetEnvironmentVariableA
FindFirstFileA
CopyFileA
FindClose
OpenEventA
FindNextFileA
GetSystemTime
CreateRemoteThread
VirtualAllocEx
GetCurrentProcessId
WriteProcessMemory
GetTickCount
VirtualFree
WriteFile
ConnectNamedPipe
SetEvent
WaitForSingleObject
WaitNamedPipeA
lstrlenA
CreateFileA
LeaveCriticalSection
VirtualProtect
CreateEventA
GetCurrentProcess
GetModuleHandleA
FlushInstructionCache
OpenProcess
HeapFree

advapi32

RegEnumKeyA
RegQueryValueExA
CryptHashData
CryptDestroyHash
CheckTokenMembership
FreeSid
AllocateAndInitializeSid
RegDeleteValueA
RegOpenKeyExA
CryptDecrypt
CryptDestroyKey
CryptGenKey
RegCreateKeyA
InitializeSecurityDescriptor
RegOpenKeyA
RegSetValueExA
RegCloseKey
CryptCreateHash
CryptEncrypt
CryptImportKey
CryptReleaseContext
CryptAcquireContextW
CryptExportKey
CryptGetHashParam
RegCreateKeyExA

Exports

Exports

Update

Sections

.text
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d79799b9bb8553f4e7df9a8604bb1643

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

crypt32

psapi

kernel32

advapi32

Exports

Exports

Sections

.text Size: 32KB - Virtual size: 31KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 512B - Virtual size: 688B

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 32KB - Virtual size: 31KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 512B - Virtual size: 688B

.reloc
Size: 2KB - Virtual size: 2KB