5f1731cfbf3bdd8ad9b4ca3a5963aeab_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5f1731cfbf3bdd8ad9b4ca3a5963aeab_JaffaCakes118
Size

1.4MB
MD5

5f1731cfbf3bdd8ad9b4ca3a5963aeab
SHA1

8417561c8acbe43f258beaea59cab7306dad3161
SHA256

e2745e239d0e3f24c2ccdf77cd02b81379fb3009cb0f78c3786f93347ecbd58d
SHA512

2f20272df16433f76dddec32d492f2ef1649e0c463a46a767eed4f174a08ff1c71c47d21bc217117c09c2f509fbf57e465348b10f878ddc36607e2ec5cd4cbaf
SSDEEP

24576:5WasIhYroC+RPLvYg28PBhrGhIZus+a0+H8OYt/bq+pWngkjzyjR0TnFi:DrggxEsh0+cOYt+gkXiqTn0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5f1731cfbf3bdd8ad9b4ca3a5963aeab_JaffaCakes118

Files

5f1731cfbf3bdd8ad9b4ca3a5963aeab_JaffaCakes118
.dll windows:4 windows x86 arch:x86

018503ab46c8f1647559830ae95f06fe

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_CxxThrowException
sscanf
isdigit
strtol
??1type_info@@UAE@XZ
strncat
_onexit
_initterm
_adjust_fdiv
realloc
memmove
toupper
tolower
strtok
memcmp
strcpy
strrchr
_strnicmp
strstr
rand
printf
atol
atoi
_strlwr
strchr
strcat
_stricmp
strcmp
memset
malloc
fopen
free
fclose
fgets
strncpy
clock
srand
abs
time
localtime
sprintf
fprintf
vsprintf
strlen
_EH_prolog
__CxxFrameHandler
memcpy
??3@YAXPAX@Z
??2@YAPAXI@Z
__dllonexit

wsock32

recv
WSACleanup
WSAStartup
select
closesocket
htons
getservbyname
send
gethostname
ioctlsocket
gethostbyname
socket
connect
WSAGetLastError
inet_ntoa
getsockopt
ntohl
htonl
setsockopt

kernel32

GetLastError
OpenFile
_lclose
GetStdHandle
WriteFile
ReadFile
GetFileSize
GetFileType
CreateFileA
CloseHandle
GetVersionExA
lstrcpyA
GetCurrentProcessId
GetSystemTimeAsFileTime
GetTimeZoneInformation
GetLocalTime
GetProcAddress
FreeLibrary
LoadLibraryA
GetModuleHandleA
lstrcmpA
GetEnvironmentVariableA
lstrcmpiA
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
Sleep
lstrlenA
lstrcatA

user32

wsprintfA
CharNextA

advapi32

RegEnumValueA
RegDeleteValueA
RegOpenKeyExA
RegEnumKeyExA
RegDeleteKeyA
RegCloseKey
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA

Exports

Exports

Blat
Send
SetPrintFunc
cSend

Sections

.text
Size: 71KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

018503ab46c8f1647559830ae95f06fe

Headers

File Characteristics

Imports

msvcrt

wsock32

kernel32

user32

advapi32

Exports

Exports

Sections

.text Size: 71KB - Virtual size: 70KB

.rdata Size: 31KB - Virtual size: 31KB

.data Size: 7KB - Virtual size: 40KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 7KB - Virtual size: 7KB

.text
Size: 71KB - Virtual size: 70KB

.rdata
Size: 31KB - Virtual size: 31KB

.data
Size: 7KB - Virtual size: 40KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 7KB - Virtual size: 7KB