7047b22a7c97fb8de8bc94c43cf33b63_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

7047b22a7c97fb8de8bc94c43cf33b63_JaffaCakes118
Size

41KB
MD5

7047b22a7c97fb8de8bc94c43cf33b63
SHA1

f1e4acbeddec7073ea9b6ead314514709b160d5d
SHA256

66b66bf12b3ee88de75092224308e77eb370f410da513de6b85c15fc0385e3b0
SHA512

8356e3ce83c9cde185c66a1f72c318a8b1eb8287fb4ba0b8b58aecd423bdf2990fc87ca414b405d52e6112bf520f38e6b57ec65325176c351fb39c11960d9492
SSDEEP

768:5kUqpYOO3NzBTf39LvozqbukYHPo5jivgIfXaKEUH+IhgBRK9QLA2gK7D9:5kUqpY93FBT1LvonPB5fqKDeUDC7D

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7047b22a7c97fb8de8bc94c43cf33b63_JaffaCakes118

Files

7047b22a7c97fb8de8bc94c43cf33b63_JaffaCakes118
.dll windows:5 windows x86 arch:x86

d79799b9bb8553f4e7df9a8604bb1643

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

connect
htons
recv
gethostbyname
send
WSACreateEvent
WSAGetLastError
socket
closesocket
WSAStartup
WSACleanup

crypt32

CryptStringToBinaryA
CryptBinaryToStringA

psapi

GetProcessImageFileNameA
EnumProcessModules
GetModuleBaseNameA
EnumProcesses

kernel32

DisconnectNamedPipe
CreateNamedPipeA
EnterCriticalSection
ResetEvent
SetNamedPipeHandleState
WaitForMultipleObjects
DeleteCriticalSection
CloseHandle
CreateThread
GetLastError
lstrcatA
lstrcmpiA
lstrcpyA
GetLocaleInfoA
FreeLibrary
InitializeCriticalSection
CreateProcessA
GetProcAddress
GetTempFileNameA
LoadLibraryA
GetVersionExA
GetTempPathA
HeapReAlloc
HeapAlloc
lstrcpynA
GetProcessHeap
ReadFile
GetModuleHandleExA
Sleep
GetModuleFileNameA
MoveFileExA
GetSystemDirectoryA
GetEnvironmentVariableA
FindFirstFileA
CopyFileA
FindClose
OpenEventA
FindNextFileA
GetSystemTime
CreateRemoteThread
VirtualAllocEx
GetCurrentProcessId
WriteProcessMemory
GetTickCount
VirtualFree
WriteFile
ConnectNamedPipe
SetEvent
WaitForSingleObject
WaitNamedPipeA
lstrlenA
CreateFileA
LeaveCriticalSection
VirtualProtect
CreateEventA
GetCurrentProcess
GetModuleHandleA
FlushInstructionCache
OpenProcess
HeapFree

advapi32

RegEnumKeyA
RegQueryValueExA
CryptHashData
CryptDestroyHash
CheckTokenMembership
FreeSid
AllocateAndInitializeSid
RegDeleteValueA
RegOpenKeyExA
CryptDecrypt
CryptDestroyKey
CryptGenKey
RegCreateKeyA
InitializeSecurityDescriptor
RegOpenKeyA
RegSetValueExA
RegCloseKey
CryptCreateHash
CryptEncrypt
CryptImportKey
CryptReleaseContext
CryptAcquireContextW
CryptExportKey
CryptGetHashParam
RegCreateKeyExA

Exports

Exports

Update

Sections

.text
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d79799b9bb8553f4e7df9a8604bb1643

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

crypt32

psapi

kernel32

advapi32

Exports

Exports

Sections

.text Size: 32KB - Virtual size: 31KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 512B - Virtual size: 688B

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 32KB - Virtual size: 31KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 512B - Virtual size: 688B

.reloc
Size: 2KB - Virtual size: 2KB