73798ec202cb20fa3b677d6d6545d061_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

73798ec202cb20fa3b677d6d6545d061_JaffaCakes118
Size

31KB
MD5

73798ec202cb20fa3b677d6d6545d061
SHA1

7342662770aa46332c2eaf9751650d0aa31b4889
SHA256

6091994dc68fed7cc332505bb6c6b521d4384c1788576f7488faf0ea59e8e9df
SHA512

829c153dc6830d33a06a59daf962bbc9aac11b49dc686ad56a83b2be4b6e1e5ce3da602c264d5f956f345fb20ad62e500c56d84bcddcf84fe4d7f1104d7b01b3
SSDEEP

768:NVz/QMG0G2ajpEmytBhUJM9d8St/yninwFW3TDD0XHAu:sMG0GTdEm6ByJM9d8pinBmA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
73798ec202cb20fa3b677d6d6545d061_JaffaCakes118

Files

73798ec202cb20fa3b677d6d6545d061_JaffaCakes118
.dll windows:4 windows x86 arch:x86

fdf5c45d0fd23b878c89f6b35fc199ba

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord825

msvcrt

atol
time
srand
atoi
rand
strlen
strstr
__CxxFrameHandler
fprintf
strcmp
strncpy
strcpy
fseek
ftell
mbstowcs
malloc
free
_strnicmp
_strlwr
strcat
memset
memcpy
sprintf
fgetc
fopen
fread
fwrite
fputc
fclose
_stricmp
strchr
memmove
fgets
__dllonexit
_onexit
_initterm
_adjust_fdiv
rewind
_wcsicmp

kernel32

LoadLibraryA
CloseHandle
FindFirstFileA
FindNextFileA
GetSystemInfo
ReadProcessMemory
VirtualQueryEx
FileTimeToLocalFileTime
FileTimeToSystemTime
GetProcessHeap
HeapAlloc
HeapFree
GetVersionExA
OpenProcess
GetProcAddress
FreeLibrary
WinExec
GetCurrentProcess
SetCurrentDirectoryA
CreateProcessA
WaitForSingleObject
TerminateProcess
GetCurrentProcessId
Sleep
CreateThread
GetComputerNameA
DeleteFileA
GetTempPathA
GetLastError

user32

ExitWindowsEx

advapi32

LookupPrivilegeValueA
RegQueryValueExA
GetTokenInformation
LookupAccountSidA
OpenProcessToken
RegCloseKey
AdjustTokenPrivileges
RegCreateKeyA

shell32

SHGetSpecialFolderPathA

msvcirt

??6ostream@@QAEAAV0@PBD@Z
?cout@@3Vostream_withassign@@A
?endl@@YAAAVostream@@AAV1@@Z

wsock32

inet_addr
gethostbyname
WSAStartup

psapi

EnumProcessModules
EnumProcesses
GetModuleFileNameExA

msvcp60

??1_Winit@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ

wininet

InternetReadFile
HttpQueryInfoA
InternetSetOptionA
InternetQueryOptionA
InternetConnectA
HttpOpenRequestA
InternetCloseHandle
HttpSendRequestA
InternetOpenA
HttpEndRequestA
InternetWriteFile
HttpSendRequestExA
InternetCrackUrlA

Sections

.text
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fdf5c45d0fd23b878c89f6b35fc199ba

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

advapi32

shell32

msvcirt

wsock32

psapi

msvcp60

wininet

Sections

.text Size: 15KB - Virtual size: 14KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 8KB - Virtual size: 104KB

.rsrc Size: 1024B - Virtual size: 1000B

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 15KB - Virtual size: 14KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 8KB - Virtual size: 104KB

.rsrc
Size: 1024B - Virtual size: 1000B

.reloc
Size: 2KB - Virtual size: 2KB