696c2565284a27125098f50de6891821_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

696c2565284a27125098f50de6891821_JaffaCakes118
Size

68KB
MD5

696c2565284a27125098f50de6891821
SHA1

6c3e70f11e48246ff8eb4c3c96a1e25e9a349096
SHA256

bd9bc3c8316c052add4a558ba9445210962171e86d9c4a4ee46c994e0688753b
SHA512

fe9b0557a4c6177556df906459d90de18f10d5cb448833e7dd51448c3168e82b3567755ba885aa8f31ec46c72d1f7e17d91e42de05f7000b12f350fc5e197749
SSDEEP

1536:WgKGnkMO+AI2nc2XF2pMBzQFD2MYXwIY2FpaGg6EOUzT8x/weNt0OG9scoO9i:WgRkMO+v0c2V2pMBzA2MYXwIbFpY6EOt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
696c2565284a27125098f50de6891821_JaffaCakes118

Files

696c2565284a27125098f50de6891821_JaffaCakes118
.dll windows:4 windows x86 arch:x86

bf95d9be91ef9d49526ddf963057e4de

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

atoi
strncpy
fgets
fopen
sprintf
vsprintf
strncmp
_adjust_fdiv
malloc
_initterm
free
_onexit
__dllonexit
exit
strtok
fclose
_beginthreadex
fputs
fputc
fwrite
??2@YAPAXI@Z
rand
srand
strchr
strcspn
strncat

wsock32

WSAStartup
setsockopt
gethostname
WSAGetLastError
connect
inet_ntoa
ioctlsocket
gethostbyname
socket
select
recv
closesocket
ntohs
htons
sendto
send

wininet

FtpSetCurrentDirectoryA
InternetOpenUrlA
InternetReadFile
FtpCreateDirectoryA
FtpPutFileA
InternetConnectA
InternetCloseHandle
InternetOpenA

rasapi32

RasEnumConnectionsA
RasGetConnectStatusA

kernel32

HeapAlloc
GetProcessHeap
HeapFree
GetTickCount
GetSystemDirectoryA
OpenMutexA
Sleep
lstrcpynA
GetProcAddress
LoadLibraryA
GetModuleHandleA
CreateMutexA
ExpandEnvironmentStringsA
FindClose
FindNextFileA
GetFullPathNameA
WinExec
DeleteFileA
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
CreateThread
FindFirstFileA
CloseHandle

user32

RegisterClassA
CreateWindowExA
DefWindowProcA
KillTimer
DestroyWindow
PostQuitMessage
SetTimer
wsprintfA
GetMessageA
DispatchMessageA
TranslateMessage

gdi32

GetStockObject

advapi32

RegCloseKey
RegSetValueExA
RegCreateKeyExA
RegQueryValueExA
RegOpenKeyExA

Exports

Exports

_DllMain@12
load

Sections

.text
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 21.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bf95d9be91ef9d49526ddf963057e4de

Headers

File Characteristics

Imports

msvcrt

wsock32

wininet

rasapi32

kernel32

user32

gdi32

advapi32

Exports

Exports

Sections

.text Size: 13KB - Virtual size: 12KB

.rdata Size: 17KB - Virtual size: 17KB

.data Size: 6KB - Virtual size: 21.1MB

.reloc Size: 3KB - Virtual size: 19KB

.text
Size: 13KB - Virtual size: 12KB

.rdata
Size: 17KB - Virtual size: 17KB

.data
Size: 6KB - Virtual size: 21.1MB

.reloc
Size: 3KB - Virtual size: 19KB