858283c59e495e7e141af89b8f4e87f5_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

858283c59e495e7e141af89b8f4e87f5_JaffaCakes118
Size

55KB
MD5

858283c59e495e7e141af89b8f4e87f5
SHA1

5877af22b146b582a7ef585c28c0db7008c29eba
SHA256

65ebdd8c591f1ada1ea5a49a667008be80c6f47d70f6eedf2533f97d9525837e
SHA512

e306db07e87adea9995fd59ef35bffa2645410c6f5cfbccafeb772766ccc0cc107ed4b64ff2acb2f6b9ec74913eaf4b50af928b7568f7dbf69295bf190154350
SSDEEP

768:GMlsWzB41vbuilusr+7bdddOjBiXqw2f34fevZNq0litzYS7:GIsWK5bRusr+7bdddONlf34

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
858283c59e495e7e141af89b8f4e87f5_JaffaCakes118

Files

858283c59e495e7e141af89b8f4e87f5_JaffaCakes118
.dll windows:4 windows x86 arch:x86

5ae1ca343ed0805da5cd88b9000afe81

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetSystemDirectoryA
GetFileAttributesA
OutputDebugStringA
GetTempPathA
DeleteFileA
lstrcatA
WriteFile
CreateFileA
WinExec
GetLastError
FreeResource
SizeofResource
LockResource
LoadResource
FindResourceA
ExpandEnvironmentStringsA
DeviceIoControl
GetTickCount
MapViewOfFile
CreateFileMappingA
GetFileSize
CopyFileA
GetDriveTypeA
GetLogicalDriveStringsA
TerminateThread
WaitForSingleObject
FindClose
FindNextFileA
FindFirstFileA
CreateMutexA
GlobalAddAtomA
OpenMutexA
GlobalFindAtomA
GetWindowsDirectoryA
LoadLibraryA
GetProcAddress
CloseHandle
Sleep
ExitProcess
UnmapViewOfFile
CreateThread

user32

FindWindowA
GetWindowLongA
ShowWindow

advapi32

OpenServiceA
CloseServiceHandle
OpenSCManagerA
StartServiceA
CreateServiceA
DeleteService
ControlService

shell32

ShellExecuteA

ws2_32

connect
htons
closesocket
socket
inet_ntoa
inet_addr
gethostbyname
gethostname
WSAStartup
send

mpr

WNetAddConnection2A

rpcrt4

NdrPointerUnmarshall
NdrConformantStringUnmarshall
NdrAllocate
NdrConformantArrayBufferSize
I_RpcGetBuffer
NdrConformantArrayMarshall
NdrClientInitializeNew
NdrServerInitializeNew
RpcRaiseException
NdrPointerBufferSize
NdrConformantStringBufferSize
NdrPointerMarshall
NdrConformantStringMarshall
NdrConvert
NdrConformantArrayUnmarshall
NdrNsGetBuffer
NdrNsSendReceive
NdrFreeBuffer
RpcStringBindingComposeA
RpcBindingFromStringBindingA
RpcBindingFree
RpcStringFreeA

msvcrt

fwrite
_adjust_fdiv
_initterm
_onexit
__dllonexit
??2@YAPAXI@Z
??3@YAXPAX@Z
_stricmp
atoi
fread
fseek
ftell
strcmp
strchr
strrchr
strlen
memset
sprintf
strcpy
_except_handler3
memcpy
memcmp
printf
malloc
free
strcat
fclose
fopen

msvcp60

?open@?$basic_filebuf@DU?$char_traits@D@std@@@std@@QAEPAV12@PBDH@Z
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?_Freeze@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
??1?$basic_ifstream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?close@?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
??_D?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?getline@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@1@AAV21@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
??1_Winit@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ

Exports

Exports

Scan

Sections

.data
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5ae1ca343ed0805da5cd88b9000afe81

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ws2_32

mpr

rpcrt4

msvcrt

msvcp60

Exports

Exports

Sections

.data Size: 33KB - Virtual size: 33KB

.rsrc Size: 17KB - Virtual size: 17KB

.reloc Size: 3KB - Virtual size: 3KB

.data
Size: 33KB - Virtual size: 33KB

.rsrc
Size: 17KB - Virtual size: 17KB

.reloc
Size: 3KB - Virtual size: 3KB