66663c8e2b40fd7211ca4f5038da94b9_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

66663c8e2b40fd7211ca4f5038da94b9_JaffaCakes118
Size

76KB
MD5

66663c8e2b40fd7211ca4f5038da94b9
SHA1

5042e1b1ca02116c295d349bb730062219071b57
SHA256

4adb842f1a2ef930395a8b683236212ce6b0b515e99cf79865914daf6be66295
SHA512

7bc8bf18a5c738df8e1de635538c52ccb2f7a4ce24d54e00a867e14038caf85a94c2f5bdf2bb40a03293a673eb71323098d427a8c986c43d0b7ac1b9587168c2
SSDEEP

1536:1MNx7fk127AXNY6wlV9+v6ELn4cXH1IjqdHt2d/Rwpl/X:aL7srY3lV9+bLn4cXeqJqwplP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
66663c8e2b40fd7211ca4f5038da94b9_JaffaCakes118

Files

66663c8e2b40fd7211ca4f5038da94b9_JaffaCakes118
.dll windows:4 windows x86 arch:x86

6c219e3ee5cf7fba2dd23ab2ceb8cdfd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

w:\projects\b3\release\core.pdb

Imports

kernel32

GetCurrentProcess
lstrcpyA
GetSystemDirectoryA
GetWindowsDirectoryA
GetVolumeInformationA
SetErrorMode
GetCommandLineA
GetLocaleInfoA
GetModuleHandleA
GetCommandLineW
GetModuleFileNameA
GlobalAlloc
GlobalFree
OpenFile
_lwrite
_lclose
_lread
FreeLibrary
lstrcmpiA
VirtualAlloc
VirtualFree
GetExitCodeThread
TerminateThread
DuplicateHandle
MoveFileA
CopyFileA
lstrlenA
GetStdHandle
GetCurrentThread
SuspendThread
CreateToolhelp32Snapshot
Process32First
Process32Next
GetFileSize
CreateMutexA
GetVersionExA
GetSystemInfo
GlobalMemoryStatus
GetLogicalDriveStringsA
GetDriveTypeA
GetDiskFreeSpaceExA
GetLastError
FormatMessageA
Thread32First
Thread32Next
SetThreadPriority
SetPriorityClass
OpenThread
CreateFileA
GetLogicalDrives
ReadFile
GetCurrentDirectoryA
GlobalReAlloc
GetProcAddress
LoadLibraryA
SetUnhandledExceptionFilter
ExitThread
Sleep
CreateThread
ResumeThread
WaitForSingleObject
CreateProcessA
SetCurrentDirectoryA
GetTempPathA
FindClose
FindNextFileA
DeleteFileA
lstrcatA
FindFirstFileA
CloseHandle
TerminateProcess
OpenProcess
GetTickCount
ExitProcess
lstrcmpA

user32

wsprintfA
GetWindowRect

advapi32

RegOpenKeyExA
CreateServiceA
ChangeServiceConfigA
CloseServiceHandle
DeleteService
ControlService
QueryServiceStatus
RegDeleteKeyA
RegOpenKeyA
RegQueryValueExA
RegSetValueExA
RegCloseKey
RegisterServiceCtrlHandlerExA
SetServiceStatus
OpenSCManagerA
OpenServiceA
StartServiceCtrlDispatcherA

shell32

CommandLineToArgvW

shlwapi

StrStrIA
StrStrA
StrCmpNA
StrChrA
StrToIntA
StrRStrIA
StrRChrA

ws2_32

getsockopt
setsockopt
inet_ntoa
gethostbyname
inet_addr
htons
closesocket
select
recv
send
accept
listen
bind
ioctlsocket
socket
WSAStartup
__WSAFDIsSet
htonl
gethostbyaddr
sendto
getsockname
gethostname
connect
WSACleanup
shutdown
recvfrom
ntohl

msvcrt

memcpy
??3@YAXPAX@Z
free
??2@YAPAXI@Z
malloc
srand
isalnum
isdigit
memmove
rand
isalpha
__dllonexit
_onexit
_initterm
_adjust_fdiv
_except_handler3

wininet

InternetGetCookieA
HttpSendRequestA
HttpAddRequestHeadersA
HttpOpenRequestA
InternetConnectA
InternetReadFile
InternetOpenUrlA
InternetOpenA
InternetCloseHandle
InternetSetCookieA

iphlpapi

GetIpAddrTable
GetAdaptersInfo

Exports

Exports

?GetRandomChild@XmlNode@@QAEPAV1@XZ

Sections

.text
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6c219e3ee5cf7fba2dd23ab2ceb8cdfd

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

shlwapi

ws2_32

msvcrt

wininet

iphlpapi

Exports

Exports

Sections

.text Size: 61KB - Virtual size: 61KB

.bss Size: - Virtual size: 6KB

.rdata Size: 7KB - Virtual size: 6KB

.data Size: 512B - Virtual size: 128B

.edata Size: 2KB - Virtual size: 2KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 61KB - Virtual size: 61KB

.bss
Size: - Virtual size: 6KB

.rdata
Size: 7KB - Virtual size: 6KB

.data
Size: 512B - Virtual size: 128B

.edata
Size: 2KB - Virtual size: 2KB

.reloc
Size: 3KB - Virtual size: 3KB