62cc0b2f62736bc73ac45cb7b1656318_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

62cc0b2f62736bc73ac45cb7b1656318_JaffaCakes118
Size

32KB
MD5

62cc0b2f62736bc73ac45cb7b1656318
SHA1

fc8f421af0cb8437e9251a6bf590df72e3718687
SHA256

24530d5f0d55725f7cbcb9f918b0d0a485c2cfad07731ae4bf210f7af640d138
SHA512

d14bf0ce3b2255ddf9f9cf247bcb93ebab3e93e4cbae608602bc5622b634b4b3fedca374b0e9b6bc99f5faa3178d75306799da162e4dcb750f3ebf3c6ae662a5
SSDEEP

768:0zteZLSXyRGeR9UG46zFLAD4boio7r/7a+sqyG:KtelSXyRGenP46zFO48/7aiyG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
62cc0b2f62736bc73ac45cb7b1656318_JaffaCakes118

Files

62cc0b2f62736bc73ac45cb7b1656318_JaffaCakes118
.dll windows:4 windows x86 arch:x86

d82da8e031c42e0e80194473238b1ef7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

gethostbyname
inet_ntoa
ntohl
recv
socket
inet_addr
htons
connect
send
closesocket

mfc42

ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord815
ord3831
ord3953
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord1116
ord3147
ord2982
ord269
ord826
ord600
ord1578
ord6467
ord1255
ord5714
ord5289
ord5307
ord4698
ord4079
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord825
ord1253
ord1570
ord1197
ord1243
ord342
ord1182
ord1577
ord1168
ord1575
ord1176
ord2725

msvcrt

??1type_info@@UAE@XZ
_adjust_fdiv
malloc
_initterm
free
_onexit
__dllonexit
??2@YAPAXI@Z
__CxxFrameHandler
_strlwr
strncpy
strncmp
atoi
strstr
sprintf
strcat
strcpy
strchr
strlen
memcpy
memchr

kernel32

GlobalAlloc
WriteFile
GlobalFree
ExitProcess
SetFileAttributesA
CreateFileA
GetFileSize
ReadFile
DeleteFileA
LocalAlloc
GetProcAddress
GetCurrentProcess
WriteProcessMemory
CloseHandle
CreateThread
GetLastError
CreateSemaphoreA
LocalFree
GetTickCount
GetModuleFileNameA
VirtualQuery
Process32Next
TerminateProcess
DuplicateHandle
OpenProcess
Process32First
CreateToolhelp32Snapshot
GetModuleHandleA
Sleep

user32

SetWindowsHookExA
PeekMessageA
TranslateMessage
DispatchMessageA
KillTimer
GetWindowTextA
ScreenToClient
CallNextHookEx
SetTimer
GetForegroundWindow
GetDC
ReleaseDC

gdi32

GetObjectA
GetTextExtentExPointA
GetPixel
DeleteDC
DeleteObject
BitBlt
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
GetDIBits

Exports

Exports

Hook

Sections

.text
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d82da8e031c42e0e80194473238b1ef7

Headers

File Characteristics

Imports

ws2_32

mfc42

msvcrt

kernel32

user32

gdi32

Exports

Exports

Sections

.text Size: 16KB - Virtual size: 14KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 27KB

.reloc Size: 4KB - Virtual size: 1KB

.text
Size: 16KB - Virtual size: 14KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 27KB

.reloc
Size: 4KB - Virtual size: 1KB