5ee07b14d898bc2cc720616631e356e8_JaffaCakes118

General

Target

5ee07b14d898bc2cc720616631e356e8_JaffaCakes118
Size

32KB
MD5

5ee07b14d898bc2cc720616631e356e8
SHA1

5940671907e2a6069c2c25beaa011ba62c6b814a
SHA256

314465841e2da8ef2bf93175c09b769b268a3a8b10df7af5a68c0d5b5213c55c
SHA512

2fe28450aae1fd85e3392ab7160eab0f4d43d76b04091c5d0fca6295a305aaad0d6c6f95f80b88dd430411c39efd1a99afe5fd565ffd22d2f0ff6656cd4d643b
SSDEEP

384:mAo0Fuxsata1RTO0gI3lYqvzVVs7/Xuc:mAJFuuatodO0wqvzTM/V

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5ee07b14d898bc2cc720616631e356e8_JaffaCakes118

Files

5ee07b14d898bc2cc720616631e356e8_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

02a3815f3d923f1363c8aa67cb29f118

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

htons
connect
socket
recv
ioctlsocket
closesocket
gethostname
gethostbyname

kernel32

GetProcAddress
CreateThread
GetLastError
LoadLibraryA
VirtualAlloc
GetModuleFileNameA
GetSystemInfo
GetVersionExA
GetModuleHandleA
IsBadReadPtr
VirtualQuery
VirtualProtect
WideCharToMultiByte
MultiByteToWideChar
OpenProcess
GetCurrentProcessId
Sleep
TerminateProcess
DeleteFileA
GetWindowsDirectoryA

user32

SetWindowsHookExA
CallNextHookEx

wininet

InternetConnectA
HttpOpenRequestA
InternetCrackUrlA
InternetOpenUrlA
InternetCloseHandle
InternetReadFile
InternetOpenA
HttpSendRequestA

msvcrt

_initterm
fseek
__dllonexit
malloc
_adjust_fdiv
_onexit
ftell
fgets
fclose
fopen
??2@YAPAXI@Z
sprintf
__CxxFrameHandler
??3@YAXPAX@Z
atoi
calloc
free
_strdup
realloc

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

02a3815f3d923f1363c8aa67cb29f118

Headers

File Characteristics

Imports

ws2_32

kernel32

user32

wininet

msvcrt

Exports

Exports

Sections

.text Size: 16KB - Virtual size: 12KB

.rdata Size: 4KB - Virtual size: 1KB

.data Size: 4KB - Virtual size: 67KB

.reloc Size: 4KB - Virtual size: 1KB

.text
Size: 16KB - Virtual size: 12KB

.rdata
Size: 4KB - Virtual size: 1KB

.data
Size: 4KB - Virtual size: 67KB

.reloc
Size: 4KB - Virtual size: 1KB