943878f82181d9ebb231ab98c74cda17_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

943878f82181d9ebb231ab98c74cda17_JaffaCakes118
Size

96KB
MD5

943878f82181d9ebb231ab98c74cda17
SHA1

43e08a7e7680e6dde98fd17b325234e72c02ea0e
SHA256

17f75df54e464db5757eb629959e250b95abbc5e05241d154da54d8f068cbbc8
SHA512

649bfdc4c7c942875f91938f909036f9891b224133368957d70a1e30fa3ca3164c19b0a1da09053d1f5932da38a877ecec944c6bf22faf23b09a028c41eb0956
SSDEEP

1536:kvNC2XmJTNHmNCoTerxXqD47umthvSwh8r7vNOQv4Ttx:kPmJhGNCoTerhqD4y4IUiv4Tt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
943878f82181d9ebb231ab98c74cda17_JaffaCakes118

Files

943878f82181d9ebb231ab98c74cda17_JaffaCakes118
.dll windows:4 windows x86 arch:x86

5aff2279a56afbcbc5edba00d0ae5a0c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord940
ord6662
ord6282
ord6385
ord6877
ord6283
ord2763
ord926
ord6874
ord6648
ord6663
ord4278
ord4129
ord350
ord3663
ord3616
ord3127
ord5651
ord6883
ord5710
ord4202
ord5856
ord537
ord541
ord354
ord5186
ord665
ord801
ord3318
ord823
ord5442
ord860
ord5861
ord825
ord6143
ord1979
ord858
ord3811
ord3337
ord2818
ord924
ord922
ord939
ord941
ord535
ord6876
ord800
ord540

msvcrt

_adjust_fdiv
malloc
_initterm
free
_onexit
__dllonexit
_except_handler3
_mbsnbicmp
??1type_info@@UAE@XZ
sscanf
_access
strncmp
wcslen
_stricmp
_memicmp
strncpy
atoi
strtok
tolower
_CxxThrowException
strchr
memmove
printf
__CxxFrameHandler
strstr
_mbscmp
sprintf
fopen
fwrite
fclose

kernel32

CreateProcessA
CopyFileA
GetCurrentProcessId
FreeLibrary
GetTempPathA
MultiByteToWideChar
LocalFree
DeleteFileA
Sleep
GetLocalTime
GetSystemDirectoryA
WaitForSingleObject
lstrlenA
CloseHandle
UnmapViewOfFile
MapViewOfFile
GetLastError
CreateFileMappingA
GetCurrentThreadId
InterlockedDecrement
GetPrivateProfileStringA
HeapAlloc
HeapFree
HeapCreate
InitializeCriticalSection
GetProcAddress
LoadLibraryA
ExpandEnvironmentStringsA
WideCharToMultiByte
LoadLibraryW
ExpandEnvironmentStringsW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
GetModuleFileNameA

user32

FindWindowA
SendMessageA

ole32

CoCreateInstance

oleaut32

VariantClear
GetErrorInfo
SysFreeString
SafeArrayCreateVector
SafeArrayAccessData
SafeArrayDestroy
SysAllocString

msvcp60

??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_Xran@std@@YAXXZ
?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Xlen@std@@YAXXZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIPBDI@Z

ws2_32

WSCGetProviderPath
WSCEnumProtocols
inet_addr
inet_ntoa
ntohs

Exports

Exports

WSPStartup

Sections

.text
Size: 64KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 394KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5aff2279a56afbcbc5edba00d0ae5a0c

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

ole32

oleaut32

msvcp60

ws2_32

Exports

Exports

Sections

.text Size: 64KB - Virtual size: 61KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 4KB - Virtual size: 394KB

.rsrc Size: 4KB - Virtual size: 960B

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 64KB - Virtual size: 61KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 4KB - Virtual size: 394KB

.rsrc
Size: 4KB - Virtual size: 960B

.reloc
Size: 8KB - Virtual size: 7KB