6ef16abe9b5cdf6d6f788d1be119c03a_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

6ef16abe9b5cdf6d6f788d1be119c03a_JaffaCakes118
Size

140KB
MD5

6ef16abe9b5cdf6d6f788d1be119c03a
SHA1

67151d7be1003bda33c182a1e0ccb2852f79a54c
SHA256

1bd086f0df0137ec62b492c93d5a9d238a3576d2b659af51986309a0fec31708
SHA512

00d1c80909421d478d818e3f9db54e57098d4db5b80321f9ffb3465be7cc848dfbdf60df305e111fcfe4ce85760f4225405537a65adedccd09f34bf16a821477
SSDEEP

1536:lxXGUKyeu9J2dMlJcEBCtUOOqOPOmgfYWDEpfTJeJcsJcfsiKdgK5rdaEW:lxpT2dEcmuLTYTJg7J+siKeK5rdaE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6ef16abe9b5cdf6d6f788d1be119c03a_JaffaCakes118

Files

6ef16abe9b5cdf6d6f788d1be119c03a_JaffaCakes118
.dll windows:4 windows x86 arch:x86

f63801b50d84b287d77636bb780bcff1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetSystemInfo
PeekNamedPipe
GlobalUnlock
GetLocalTime
LocalAlloc
FindNextFileA
GetProcAddress
GetDriveTypeA
lstrcpyA
GetVersionExA
lstrcmpA
FreeLibrary
GetPrivateProfileSectionNamesA
LoadLibraryA
UnmapViewOfFile
InterlockedExchange
RaiseException
GetLastError

gdi32

CreateCompatibleBitmap
GetDIBits
BitBlt
DeleteDC
CreateCompatibleDC
CreateDIBSection
SelectObject

advapi32

RegEnumValueA
GetTokenInformation
LookupAccountSidA
DuplicateTokenEx
SetTokenInformation
CreateProcessAsUserA
RegDeleteValueA
RegDeleteKeyA
RegEnumKeyExA
InitializeSecurityDescriptor
AllocateAndInitializeSid
GetLengthSid
InitializeAcl
AddAccessAllowedAce
SetSecurityDescriptorDacl
AdjustTokenPrivileges
RegCreateKeyExA
OpenEventLogA
ClearEventLogA
CloseEventLog
RegOpenKeyA
RegCloseKey
RegQueryValueA

msvcrt

_except_handler3
strncat
realloc
wcstombs
_beginthreadex
calloc
free
??1type_info@@UAE@XZ
strcmp
_onexit
_initterm
malloc
_adjust_fdiv
??2@YAPAXI@Z
memset
_strnset
_strrev
strcpy
strcat
memcmp
_CxxThrowException
memmove
strlen
_ftol
__CxxFrameHandler
memcpy
__dllonexit
??3@YAXPAX@Z
_strnicmp

ws2_32

inet_addr
inet_ntoa
select
recv
ntohs
socket
gethostname
htons
connect
WSAIoctl
WSACleanup
__WSAFDIsSet
recvfrom
sendto
listen
accept
getpeername
WSAStartup
send
setsockopt
closesocket
bind
gethostbyname
getsockname

msvcp60

?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??0Init@ios_base@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

msvfw32

ICClose
ICSeqCompressFrameEnd
ICSendMessage

psapi

GetModuleFileNameExA
EnumProcessModules

Exports

Exports

ClassInfo
ClassName
DCODELL
DMissll
MynNEG
SchoolInfo
main

Sections

.rdata
Size: 112KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f63801b50d84b287d77636bb780bcff1

Headers

File Characteristics

Imports

kernel32

gdi32

advapi32

msvcrt

ws2_32

msvcp60

msvfw32

psapi

Exports

Exports

Sections

.rdata Size: 112KB - Virtual size: 108KB

.data Size: 12KB - Virtual size: 14KB

.rsrc Size: 4KB - Virtual size: 16B

.reloc Size: 8KB - Virtual size: 6KB

.rdata
Size: 112KB - Virtual size: 108KB

.data
Size: 12KB - Virtual size: 14KB

.rsrc
Size: 4KB - Virtual size: 16B

.reloc
Size: 8KB - Virtual size: 6KB