875a53a225109fdf3c56680c530a1bcf_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

875a53a225109fdf3c56680c530a1bcf_JaffaCakes118
Size

58KB
MD5

875a53a225109fdf3c56680c530a1bcf
SHA1

fa897647c2f8455c030aed96fee2b2a4ce7e8336
SHA256

4c3532f03c8bb09af06b7253264d041b35b142d124103c3821e366e8b9c2c69b
SHA512

672fe89887d953c3dfce21779fe8dbe47beee1ccd60d795d92a78b266cc1dfcda21596386f89034d87e1b6fafce43e06000144f80d23c4c6ccbda7d813632072
SSDEEP

768:gj0YMwap3OGlI3RWBbdsWgAystaZVKVflt5prMwQhOmVXc9cnPcQc:gNMBI3RabrtaZVAVMhOmJc9vQc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
875a53a225109fdf3c56680c530a1bcf_JaffaCakes118

Files

875a53a225109fdf3c56680c530a1bcf_JaffaCakes118
.dll windows:4 windows x86 arch:x86

34bb821160eec6aca3be8b1c2f741580

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

GetUserNameA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegDeleteValueA
CreateProcessAsUserA
OpenProcessToken
ConvertSidToStringSidA
GetTokenInformation
OpenThreadToken
RegSetValueExA

ws2_32

send
recv
WSAStartup
inet_addr
htons
WSAGetLastError
connect
closesocket
gethostname
gethostbyname
inet_ntoa
WSACleanup
socket

msvcrt

_adjust_fdiv
_initterm
_strlwr
_access
__CxxFrameHandler
rand
_itoa
time
srand
memmove
isalpha
malloc
free
strncpy
strstr
atoi
strchr
strrchr
exit
sprintf
_snprintf
_except_handler3
??2@YAPAXI@Z
??3@YAXPAX@Z

kernel32

GetSystemTime
WinExec
GetModuleHandleA
OpenEventA
VirtualFree
VirtualAlloc
CopyFileA
ReleaseSemaphore
GetCurrentDirectoryA
CreateSemaphoreA
GetCurrentThreadId
OpenThread
LocalFree
OpenProcess
Process32First
Process32Next
GetWindowsDirectoryA
GetLocalTime
SystemTimeToFileTime
CompareFileTime
MoveFileA
SetFileTime
SetFileAttributesA
GetLongPathNameA
GetFileAttributesA
lstrcmpA
FindClose
GetTempFileNameA
FileTimeToLocalFileTime
MultiByteToWideChar
GetFileTime
GetDriveTypeA
GetDiskFreeSpaceExA
TerminateThread
lstrlenW
WideCharToMultiByte
FileTimeToSystemTime
GetShortPathNameA
GetEnvironmentVariableA
GetLastError
WriteFile
CreateFileA
LoadLibraryA
CloseHandle
FreeLibrary
DeleteFileA
GetVersion
Sleep
GetProcAddress
lstrcatA
lstrcpyA
ReadFile
lstrcpynA
SetFilePointer
GetFileSize
ExitThread
CreateThread
WaitForSingleObject
GetComputerNameA
GetVersionExA
GlobalMemoryStatus
lstrlenA
lstrcmpiA
GetLogicalDriveStringsA
MoveFileExA
GetSystemDirectoryA
CreateProcessA
GetModuleFileNameA
CreateDirectoryA
GetTempPathA
FindNextFileA
FindFirstFileA
SleepEx
DisableThreadLibraryCalls
ResumeThread
LoadLibraryW
SetThreadPriority
GetCurrentThread
SetPriorityClass
GetCurrentProcess

iphlpapi

GetAdaptersInfo

user32

PeekMessageA
GetMessageA

Exports

Exports

ServiceMain
TStartUp
TStartUpA

Sections

.text
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

34bb821160eec6aca3be8b1c2f741580

Headers

File Characteristics

Imports

advapi32

ws2_32

msvcrt

kernel32

iphlpapi

user32

Exports

Exports

Sections

.text Size: 45KB - Virtual size: 44KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 3KB - Virtual size: 58KB

.reloc Size: 5KB - Virtual size: 4KB

.text
Size: 45KB - Virtual size: 44KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 3KB - Virtual size: 58KB

.reloc
Size: 5KB - Virtual size: 4KB