643a9d1e20efde15fd0e5300a4bcd5fc_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

643a9d1e20efde15fd0e5300a4bcd5fc_JaffaCakes118
Size

36KB
MD5

643a9d1e20efde15fd0e5300a4bcd5fc
SHA1

46640d878e21bcde3b1c0beac768a19572427446
SHA256

1ba60332297c130f11c3ecd8679435c6805047941b11937be8d6abfdd4d42839
SHA512

89d1c44ed57f77bd6f44691fa4a42bc10aecea2e81640a0cd76b67c6b83bc8a30cf5c1d8d61648b1c82ab70d2226946224f3b8ca703936f8609b6bfd48a763ba
SSDEEP

768:nCjEbcA63ldbKDfm6WcobDQmArp8jWch:LlgnKDs/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
643a9d1e20efde15fd0e5300a4bcd5fc_JaffaCakes118

Files

643a9d1e20efde15fd0e5300a4bcd5fc_JaffaCakes118
.dll windows:4 windows x86 arch:x86

d4dd957d5a1b11ecf7c8bd263efa6ec7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

closesocket
select
__WSAFDIsSet
recv
send
htons
inet_addr
socket
connect
WSAStartup
gethostname
gethostbyname
inet_ntoa
WSACleanup

wininet

InternetCrackUrlA
InternetOpenA
InternetConnectA
HttpOpenRequestA
HttpSendRequestA
InternetReadFile
InternetCloseHandle

advapi32

GetUserNameA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
SetServiceStatus
RegisterServiceCtrlHandlerA
RegDeleteKeyA

kernel32

GetFileSize
ReadFile
lstrcatA
CreateFileA
WriteFile
GetLocalTime
DeleteFileA
FindClose
WritePrivateProfileStringA
GetProcessHeap
HeapFree
CreateToolhelp32Snapshot
Process32First
Process32Next
GetComputerNameA
FindNextFileA
FindFirstFileA
GetVolumeInformationA
HeapReAlloc
HeapSize
HeapAlloc
GetTickCount
CreateProcessA
CreateThread
Sleep
CloseHandle
GetLastError
CreateMutexA
FreeConsole
GetSystemDirectoryA
GetPrivateProfileIntA
GetPrivateProfileStringA
GetWindowsDirectoryA
GlobalMemoryStatus
GetDiskFreeSpaceExA
GetDriveTypeA
GetLogicalDrives
lstrcmpiA
GetVersionExA

user32

wsprintfA
GetProcessWindowStation
OpenWindowStationA
SetProcessWindowStation
CloseWindowStation

msvcrt

free
malloc
??2@YAPAXI@Z
__CxxFrameHandler
_EH_prolog
_purecall
??3@YAXPAX@Z
exit
atol
_ultoa
localtime
fprintf
strncat
_msize
__dllonexit
_onexit
_initterm
_adjust_fdiv
_strnicmp
_strupr
_stricmp
strstr
strrchr
memcpy
atoi
strcat
strcpy
fopen
memset
wcstombs
strncpy
strcmp
sprintf
fclose
fwrite
strlen

Exports

Exports

ServiceMain

Sections

.text
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d4dd957d5a1b11ecf7c8bd263efa6ec7

Headers

File Characteristics

Imports

ws2_32

wininet

advapi32

kernel32

user32

msvcrt

Exports

Exports

Sections

.text Size: 20KB - Virtual size: 18KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 5KB

.reloc Size: 4KB - Virtual size: 1KB

.text
Size: 20KB - Virtual size: 18KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 5KB

.reloc
Size: 4KB - Virtual size: 1KB