850f1b0152c8802bed4282e19f582d37_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

850f1b0152c8802bed4282e19f582d37_JaffaCakes118
Size

36KB
MD5

850f1b0152c8802bed4282e19f582d37
SHA1

899799058d59cd78ad5ac9220cadad2581a10263
SHA256

053a71b2b8fef6e913ca9797d77d6741c4128ec5f8effe235eee0cc4ff9cb23d
SHA512

bccd3a0b075a62c1dd87b0ba79815646f4d5d62e07788fa919d74c5b43c79db18f5719108e41f2b90080c6e319e8378933cb1ba256dc661054a1994f1bbc4e79
SSDEEP

384:SVLiuKtp9nHSX/PCT1nZ0RCyWAlDwMB3Ffb:SEuK3441nMLUAt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
850f1b0152c8802bed4282e19f582d37_JaffaCakes118

Files

850f1b0152c8802bed4282e19f582d37_JaffaCakes118
.dll windows:4 windows x86 arch:x86

0b09ff380f5e41d896fc2a6d8d34524c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

closesocket
htons
connect
send
recv
WSAStartup
socket
select
gethostbyname
shutdown
WSACleanup
inet_addr
getsockname
WSAGetLastError
inet_ntoa

advapi32

RegOpenKeyExA
RegQueryValueExA
RegEnumKeyExA
RegSetValueExA
RegCloseKey

mfc42

ord540
ord537
ord860
ord535
ord800
ord1168
ord1158
ord2915
ord858
ord802
ord542
ord1085
ord823
ord3337
ord825
ord3811

msvcrt

_onexit
atoi
fclose
fread
rewind
ftell
fseek
fopen
_beginthreadex
strstr
__dllonexit
fwrite
free
_initterm
malloc
_adjust_fdiv
__CxxFrameHandler
printf
getchar
exit
time
sprintf
_splitpath
_mkdir
_fcloseall

kernel32

LoadLibraryA
lstrcpyA
DeleteFileA
TerminateThread
GetProcAddress
ExitThread
CreateProcessA
CloseHandle
WriteFile
PeekNamedPipe
GetModuleHandleA
GetVersionExA
CreatePipe
TerminateProcess
ReadFile
Sleep
GetLastError
GetLocaleInfoA
CreateThread
GetModuleFileNameA
GetCurrentDirectoryA
GetSystemDirectoryA

user32

GetCursorPos
GetMessageExtraInfo
EnumWindows
SetCursorPos
GetWindowTextA
mouse_event

Exports

Exports

WSPStartup

Sections

.text
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 137KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Shared
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 856B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0b09ff380f5e41d896fc2a6d8d34524c

Headers

File Characteristics

Imports

ws2_32

advapi32

mfc42

msvcrt

kernel32

user32

Exports

Exports

Sections

.text Size: 12KB - Virtual size: 10KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 137KB

Shared Size: 4KB - Virtual size: 12B

.rsrc Size: 4KB - Virtual size: 856B

.reloc Size: 4KB - Virtual size: 1KB

.text
Size: 12KB - Virtual size: 10KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 137KB

Shared
Size: 4KB - Virtual size: 12B

.rsrc
Size: 4KB - Virtual size: 856B

.reloc
Size: 4KB - Virtual size: 1KB