75f2e2a43a7aadc31de15e247477a1eb_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

75f2e2a43a7aadc31de15e247477a1eb_JaffaCakes118
Size

80KB
MD5

75f2e2a43a7aadc31de15e247477a1eb
SHA1

ef5d8a1e277da2db4f47865645b9f9278b5f2f36
SHA256

41817d5407f65f9ca0497eea894f08e99d066028f24353371254661cd69d2f3a
SHA512

299fb64ef41bdcd16f73d71a3ff39af764451fe44d5c8e8e41bae32f7931180e08e7259665d56055f148761447047e001f13948cf06a27c8440ca4961b7fe99b
SSDEEP

1536:abhepo8gIsEkMO+AI2nc2XF2pMBzQFD2MYXwIY2FpaGg6EOOk09Au:4heMVEkMO+v0c2V2pMBzA2MYXwIbFpY3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
75f2e2a43a7aadc31de15e247477a1eb_JaffaCakes118

Files

75f2e2a43a7aadc31de15e247477a1eb_JaffaCakes118
.dll windows:4 windows x86 arch:x86

533dd93fbbb3441f473befbecc05c6db

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

atoi
strncpy
fgets
fopen
sprintf
vsprintf
strncmp
_adjust_fdiv
malloc
_initterm
free
_onexit
fclose
__dllonexit
time
exit
_beginthreadex
fputs
fputc
strtok
fwrite
??2@YAPAXI@Z
srand
strchr
strcspn
strncat
rand

wsock32

WSAStartup
connect
gethostname
ioctlsocket
gethostbyname
socket
select
recv
closesocket
ntohs
htons
sendto
send

wininet

FtpSetCurrentDirectoryA
InternetReadFile
InternetOpenUrlA
FtpCreateDirectoryA
FtpPutFileA
InternetOpenA
InternetCloseHandle
InternetConnectA

rasapi32

RasGetConnectStatusA
RasEnumConnectionsA

kernel32

CreateMutexA
GetModuleHandleA
LoadLibraryA
GetProcAddress
lstrcpynA
Sleep
HeapAlloc
GetProcessHeap
HeapFree
GetTickCount
GetSystemDirectoryA
FindFirstFileA
CloseHandle
GetSystemTime
ExpandEnvironmentStringsA
FindClose
FindNextFileA
GetFullPathNameA
FreeLibrary
CreateDirectoryA
WinExec
DeleteFileA
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetTimeZoneInformation
OpenMutexA
CreateThread

user32

SetTimer
RegisterClassA
CreateWindowExA
DefWindowProcA
KillTimer
DestroyWindow
PostQuitMessage
wsprintfA
GetMessageA
DispatchMessageA
TranslateMessage

gdi32

GetStockObject

advapi32

RegCloseKey
RegSetValueExA
RegCreateKeyExA
RegQueryValueExA
RegOpenKeyExA

Exports

Exports

_DllMain@12
load

Sections

.text
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 101.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

533dd93fbbb3441f473befbecc05c6db

Headers

File Characteristics

Imports

msvcrt

wsock32

wininet

rasapi32

kernel32

user32

gdi32

advapi32

Exports

Exports

Sections

.text Size: 24KB - Virtual size: 20KB

.rdata Size: 20KB - Virtual size: 18KB

.data Size: 8KB - Virtual size: 101.2MB

.reloc Size: 24KB - Virtual size: 23KB

.text
Size: 24KB - Virtual size: 20KB

.rdata
Size: 20KB - Virtual size: 18KB

.data
Size: 8KB - Virtual size: 101.2MB

.reloc
Size: 24KB - Virtual size: 23KB