74887c54de515e3aafcbf0c1a6ad5b8a_JaffaCakes118

General

Target

74887c54de515e3aafcbf0c1a6ad5b8a_JaffaCakes118
Size

52KB
MD5

74887c54de515e3aafcbf0c1a6ad5b8a
SHA1

7ae520f899397b63b1f6fe95a1b81d26080b9367
SHA256

ea6bb869a3dc80dcc0cbf0632b8b0a75f9c5fbcd565e0b9e73d72d67dbe9c63a
SHA512

df2ab9bb63dfa1180afb60a7ab029ba4092f2e90a7575e316e6bb0cb8cf44f30071697c50c3926647ab109ee0edffd7282dd6232a0e0034682a3ca4b7590d351
SSDEEP

768:IUKpFfdLkYbb18/UvmB2a9Fx9AbAIjb2S6eJiMIUE58CaG+ZukzW1onl8CQo7PGQ:Gft5C/SdaNhrCQSaEQpmBZu8LhnPwm3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
74887c54de515e3aafcbf0c1a6ad5b8a_JaffaCakes118

Files

74887c54de515e3aafcbf0c1a6ad5b8a_JaffaCakes118
.dll windows:4 windows x86 arch:x86

48f9f26192e5e3d775c07709a401926d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

connect
WSACleanup
recv
socket
WSAStartup
inet_addr
closesocket
htons
gethostbyaddr
gethostbyname
send

kernel32

VirtualAllocEx
VirtualFreeEx
lstrlenA
lstrlenW
OpenProcess
CreateRemoteThread
WaitForSingleObject
GetCurrentProcess
GetCurrentProcessId
GetSystemDirectoryA
DeleteFileA
CreateThread
FindFirstFileA
IsBadReadPtr
CopyFileA
WideCharToMultiByte
Sleep
GetModuleFileNameA
FreeLibrary
GetModuleHandleA
GetProcAddress
CreateFileA
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
CloseHandle
VirtualProtect
VirtualQuery
WriteProcessMemory
LoadLibraryA
CreateFileMappingW
DuplicateHandle
GetVersion
MultiByteToWideChar

advapi32

InitializeSecurityDescriptor
SetSecurityDescriptorDacl

msvcrt

_strdup
strncmp
_snprintf
??3@YAXPAX@Z
??2@YAPAXI@Z
memcpy
_initterm
_adjust_fdiv
_strlwr
strlen
strcat
memset
strstr
strcpy
_stricmp
sprintf
free
malloc
strtol

Exports

Exports

input

Sections

.text
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

48f9f26192e5e3d775c07709a401926d

Headers

File Characteristics

Imports

ws2_32

kernel32

advapi32

msvcrt

Exports

Exports

Sections

.text Size: 36KB - Virtual size: 36KB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 8KB - Virtual size: 8KB

.text
Size: 36KB - Virtual size: 36KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 8KB - Virtual size: 8KB