8e698b9c8d9243af8d6bffc0f854c800_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

8e698b9c8d9243af8d6bffc0f854c800_JaffaCakes118
Size

20KB
MD5

8e698b9c8d9243af8d6bffc0f854c800
SHA1

13b50fa8c0628e1b455620534f2f22377fdae2b2
SHA256

44d13373c629956c149306be6083430110e97b211d25f74f59127bf8cd7b355a
SHA512

98d768ea70ab62c5c2872d7cc3ae90a6d0847432f5499b5af505503c25d3b4fd17d3725b74304d34d649734760b75aebdf378e4e865a87de94f40abed9189dc1
SSDEEP

384:vwxITWBZhB7cFt6il7MkqyWrER8H5FME:Z6+Ail77qxre8ZC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8e698b9c8d9243af8d6bffc0f854c800_JaffaCakes118

Files

8e698b9c8d9243af8d6bffc0f854c800_JaffaCakes118
.dll windows:4 windows x86 arch:x86

ddb9204a3220c41023810e8de2bc03b4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

htons
inet_addr
socket
WSACleanup
send
closesocket
connect
recv
inet_ntoa
gethostbyname
WSAStartup

ole32

CoCreateInstance
CoInitialize
CoUninitialize

shlwapi

PathFileExistsA

msvcrt

_adjust_fdiv
_initterm
free
_onexit
__dllonexit
_access
rename
remove
sscanf
fread
strchr
strstr
wcscmp
malloc
strncpy
sprintf
fopen
strtok
fgets
fclose
_stricmp

gdiplus

GdiplusStartup
GdipCloneImage
GdipAlloc
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipDisposeImage
GdipSaveImageToFile
GdipLoadImageFromFile
GdipFree

mfc42

ord800
ord537

kernel32

lstrlenA
CreateToolhelp32Snapshot
Process32First
Process32Next
LoadLibraryA
GetProcAddress
VirtualProtect
ExitProcess
GetFileSize
GetSystemDirectoryA
GetModuleFileNameA
TerminateProcess
CopyFileA
GetLocalTime
DeleteFileA
OpenProcess
GlobalUnlock
GlobalAlloc
GlobalLock
CreateFileA
WriteFile
GlobalFree
CloseHandle
FindNextFileA
FindFirstFileA
MultiByteToWideChar
CompareFileTime
Sleep
CreateThread

user32

GetWindowRect
CallNextHookEx
ReleaseDC
GetDesktopWindow
GetDC

gdi32

DeleteObject
CreateDCA
GetDeviceCaps
GetObjectA
GetStockObject
SelectPalette
RealizePalette
GetDIBits
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
DeleteDC

advapi32

RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

shell32

ShellExecuteA
SHGetSpecialFolderPathA

iphlpapi

GetAdaptersInfo

Exports

Exports

?dnfCallBack@@YGJHIJ@Z
myIns

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 985KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ddb9204a3220c41023810e8de2bc03b4

Headers

File Characteristics

Imports

ws2_32

ole32

shlwapi

msvcrt

gdiplus

mfc42

kernel32

user32

gdi32

advapi32

shell32

iphlpapi

Exports

Exports

Sections

.text Size: 11KB - Virtual size: 10KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 1KB - Virtual size: 985KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 11KB - Virtual size: 10KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 1KB - Virtual size: 985KB

.reloc
Size: 4KB - Virtual size: 3KB