741a27408716ff02ab92290b13602b42_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

741a27408716ff02ab92290b13602b42_JaffaCakes118
Size

276KB
MD5

741a27408716ff02ab92290b13602b42
SHA1

b3a85bd140856394863da8d8e62b4ffcb2634dc7
SHA256

1861e73d94038f65b255eab02d1e7f7ba66a7cab3ea4352bdb55aa627e8d7497
SHA512

9cd59cc263d694490c395839b9cc84484e5571d6bd92c4e00aa88e3bd9bb468fb946d08df9cf7f035f881a8398ddce4fa679459594f15ceaf8d0de85c7a37073
SSDEEP

3072:kp5CWbDpK1dNYxcQ9HB1vpFK3cv/gaCly0pxYvD6Ag0Fu3ZkalZeO5PYyL:E5CWPp2dNw9HnK3cgxIOYuAO3CGFD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
741a27408716ff02ab92290b13602b42_JaffaCakes118

Files

741a27408716ff02ab92290b13602b42_JaffaCakes118
.dll windows:4 windows x86 arch:x86

999da5078815b3a0c94ac8087ff780c3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Documents and Settings\tj\Mine dokumenter\irc-u\Release\irc-u3.pdb

Imports

kernel32

FindFirstFileA
SetCurrentDirectoryA
SetFileAttributesA
DeleteFileA
GetModuleFileNameA
FindNextFileA
SetThreadPriority
MoveFileA
InterlockedDecrement
FindClose
CreateThread
Sleep
WaitForSingleObject
GetTickCount
SetEndOfFile
SetEnvironmentVariableA
CompareStringW
CompareStringA
CreateFileA
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
SetStdHandle
InitializeCriticalSection
SetFilePointer
LoadLibraryA
GetCPInfo
GetLastError
ExitProcess
RtlUnwind
RaiseException
HeapFree
HeapAlloc
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeA
GetTimeFormatA
GetDateFormatA
GetSystemTimeAsFileTime
WideCharToMultiByte
GetTimeZoneInformation
HeapReAlloc
GetDiskFreeSpaceA
GetCurrentThreadId
GetCommandLineA
GetVersionExA
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
GetProcAddress
GetModuleHandleA
QueryPerformanceCounter
GetCurrentProcessId
SetUnhandledExceptionFilter
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
WriteFile
FlushFileBuffers
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
LCMapStringA
MultiByteToWideChar
LCMapStringW
CloseHandle
ReadFile
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
GetFullPathNameA
GetCurrentDirectoryA
TerminateProcess
GetCurrentProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
UnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
HeapSize
InterlockedExchange
GetACP
GetOEMCP
InterlockedIncrement

user32

DispatchMessageA
TranslateMessage
PeekMessageA
PostThreadMessageA

advapi32

RegQueryValueExA

ws2_32

__WSAFDIsSet
recv
send
socket
htons
select
bind
listen
accept
closesocket
ioctlsocket
WSAGetLastError
connect
gethostbyname
gethostname
WSAStartup
htonl

Exports

Exports

HandleEventHook

Sections

.text
Size: 168KB - Virtual size: 165KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

999da5078815b3a0c94ac8087ff780c3

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

ws2_32

Exports

Exports

Sections

.text Size: 168KB - Virtual size: 165KB

.rdata Size: 56KB - Virtual size: 55KB

.data Size: 8KB - Virtual size: 47KB

.reloc Size: 40KB - Virtual size: 36KB

.text
Size: 168KB - Virtual size: 165KB

.rdata
Size: 56KB - Virtual size: 55KB

.data
Size: 8KB - Virtual size: 47KB

.reloc
Size: 40KB - Virtual size: 36KB