8d399de9ad7b716c1904a6d06d02b6f8_JaffaCakes118

General

Target

8d399de9ad7b716c1904a6d06d02b6f8_JaffaCakes118
Size

600KB
MD5

8d399de9ad7b716c1904a6d06d02b6f8
SHA1

03668f1053ef2a272958667f1f97e75b0600fbac
SHA256

5fe0a8e61bf5f4738b3e3d01777f00a456c5257793eb4ac16711dab66c627d6b
SHA512

b117d41d55d3c063d8bb8da3d3702c09ab174ce4dd5649d57ad44c2ed0ef811671f64d7b2e6d10d268957f2f9723db368ac793a1c58dde6a157a4de7207e6a11
SSDEEP

6144:/qrjPneNWKeJanfd63dZ9AFrEV/Wa0CsgesAFEL8iD0LaT7HNaOVql+9rUpz6tud:/kjPeNWK1E9AFE0sJn2GTVte

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8d399de9ad7b716c1904a6d06d02b6f8_JaffaCakes118

Files

8d399de9ad7b716c1904a6d06d02b6f8_JaffaCakes118
.dll windows:4 windows x86 arch:x86

62358ddd35940bae63265912e12069cb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wsock32

accept
ntohl
bind
listen
inet_ntoa
WSACancelBlockingCall
WSACleanup
getsockopt
getservbyname
ntohs
WSAStartup
gethostbyname
htons
htonl
socket
setsockopt
connect
send
WSASetLastError
recv
WSAGetLastError
shutdown
closesocket

gdi32

GetObjectA
GetBitmapBits
CreateDCA
CreateCompatibleDC
GetDeviceCaps
CreateCompatibleBitmap
SelectObject
DeleteObject
DeleteDC
BitBlt

msvcrt

_read
_write
_getch
_close
_lseek
_fileno
_assert
realloc
free
malloc
memchr
time
sprintf
_stat
_errno
fclose
fprintf
strchr
fflush
fputs
signal
_iob
fopen
_setjmp3
longjmp
_pctype
_chmod
_isctype
strstr
fread
fwrite
_setmode
ftell
fseek
fgets
_ftol
atoi
bsearch
qsort
strcmp
strncpy
getenv
_except_handler3
strerror
memmove
gmtime
strncmp
strtoul
tolower
sscanf
_initterm
_adjust_fdiv
localtime
__mb_cur_max

kernel32

GetTickCount
GetVersionExA
GlobalMemoryStatus
QueryPerformanceCounter
CloseHandle
SetLastError
GetLastError
GetProcAddress
LoadLibraryA
FreeLibrary
GetStdHandle
FlushConsoleInputBuffer
GetThreadTimes
DisableThreadLibraryCalls
GetCurrentThreadId
GetCurrentProcessId
GetCurrentThread

Sections

.text
Size: 480KB - Virtual size: 478KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 128KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

62358ddd35940bae63265912e12069cb

Headers

File Characteristics

Imports

wsock32

gdi32

msvcrt

kernel32

Sections

.text Size: 480KB - Virtual size: 478KB

.rdata Size: 128KB - Virtual size: 124KB

.data Size: 36KB - Virtual size: 43KB

.reloc Size: 24KB - Virtual size: 21KB

.text
Size: 480KB - Virtual size: 478KB

.rdata
Size: 128KB - Virtual size: 124KB

.data
Size: 36KB - Virtual size: 43KB

.reloc
Size: 24KB - Virtual size: 21KB