716c802731b6e0dd8a2d9288d6cdffa7_JaffaCakes118

General

Target

716c802731b6e0dd8a2d9288d6cdffa7_JaffaCakes118
Size

13KB
MD5

716c802731b6e0dd8a2d9288d6cdffa7
SHA1

cc3504dfbfc6bdd80e1ec0246d401f0386a6d4d0
SHA256

b542bdcc24d3bdfffcadea92560fac3bc7e6717c8c185f26f9aff0bb20df79d7
SHA512

323196044ca2da281867c825add4802ede0a0b61e2af88513202572e59808c5879fcb82a666c21073f35d51fda546cdb679205666974b120012d7bbba92bbf30
SSDEEP

192:9n0TlJk2GRmlxkgJlnvg4b2HYN5E3fb+RdyGiFX+Kamo6CNZl6:2s2GBgzvxb5N5E3f6Rdya7J

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
716c802731b6e0dd8a2d9288d6cdffa7_JaffaCakes118

Files

716c802731b6e0dd8a2d9288d6cdffa7_JaffaCakes118
.dll windows:5 windows x86 arch:x86

2c726b38e5ced07cd6cc1fb5dec358ce

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntdll

RtlImageDirectoryEntryToData
RtlImageNtHeader
wcsstr
_snprintf
strstr
_snwprintf
sscanf
_wcsicmp
_stricmp
memset
memcpy

wininet

InternetCloseHandle
HttpOpenRequestA
InternetSetOptionA
InternetCrackUrlA
InternetConnectA
InternetOpenA
HttpSendRequestA
InternetQueryOptionA

shlwapi

StrStrIW
PathFindFileNameA
StrCpyW
StrStrIA

ws2_32

freeaddrinfo
socket
getaddrinfo
WSAStartup
connect
closesocket

kernel32

GetModuleHandleW
CreateThread
WriteProcessMemory
GetCurrentProcessId
CloseHandle
GetVersionExA
OpenEventW
CreateToolhelp32Snapshot
VirtualProtect
QueueUserWorkItem
GetModuleHandleA
Process32NextW
CreateEventW
WritePrivateProfileStringA
Process32FirstW
LoadLibraryA
GetPrivateProfileStringA
VirtualAllocEx
VirtualAlloc
GetProcAddress
GetLastError
GetPrivateProfileIntW
WritePrivateProfileStringW
ReadFile
Sleep
VirtualFreeEx
GetPrivateProfileIntA
OpenProcess
GetCommandLineA
CreateRemoteThread
GetPrivateProfileStringW
CreateFileA
GetFileSize
GetCurrentProcess

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 874B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2c726b38e5ced07cd6cc1fb5dec358ce

Headers

File Characteristics

Imports

ntdll

wininet

shlwapi

ws2_32

kernel32

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 512B - Virtual size: 2KB

.reloc Size: 1024B - Virtual size: 874B

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 512B - Virtual size: 2KB

.reloc
Size: 1024B - Virtual size: 874B