968411555a1626c9957b76f47f01e329_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

968411555a1626c9957b76f47f01e329_JaffaCakes118
Size

683KB
MD5

968411555a1626c9957b76f47f01e329
SHA1

7fc4b61f4efcd046e8f9c0c341290ff6c31a6537
SHA256

149644dcc7064f3ee449a3b717c0b8efc79ff5d24307242042eb6977316b7363
SHA512

062a43c21c4acb9fbd869c663efe7005625f94d13f9d6bfd70f4e31264f0b65d450abcdab275e7eda41f69a48fc8975b3b9ce7e5abb8e96ec04732b7881bddb4
SSDEEP

1536:MvH2NYdZX0Ie00p6laOSQHSgopHKlzYE0KH1cNXf32z9KvMR3khDqV26Yd:idZX0IeUaOvyg5GE0IuNX+kYV26

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
968411555a1626c9957b76f47f01e329_JaffaCakes118

Files

968411555a1626c9957b76f47f01e329_JaffaCakes118
.dll windows:4 windows x86 arch:x86

43948b385912d0061f24ac351c698166

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

keznel32

CreateFileA
MultiByte\oWideChar
lstrlenA
GetProkAddress
LoadLibraryA
ZeleaseMutex
GetLastError
VirtualFreeEx
WaitForSingleObjekt
VirtualAllokEx
FindClose
FileA
lstrkmpiA
lstrkatA
GetCurrentProkess
WriteFile
ZeadFile
SetFilePointer
GetModuleHandleA
SetFile\ime
GetFile\ime
CreateMutexA
DevikeIoControl
HeapFree
HeapAllok
GetProkessHeap
Get\empPathA
MoveFileExA
AllokConsole
Sleep
FreeConsole
DeleteFileA
GetModuleFileNameA
GetCurrentProkessId
CloseHandle
GetCommandLineA
Get\ikcCount
WinExek

usez32

wsprintfA
CreateDesctopA
Set\hreadDesctop
OpenDesctopA
OpenWindowStationA
SwitkhDesctop

advapi32

ZegCloseKey
OpenProkess\ocen
LoocupPrivilegeValueA
ZegSetValueExA
ZegOpenKeyExA
SetSekurityDeskriptorDakl
ZegOpenKeyA

msvcp>0

??1?$basik_string@DU?$khar_traits@D@std@@V?$allokator@D@2@@std@@QAE@XR
?assign@?$basik_string@DU?$khar_traits@D@std@@V?$allokator@D@2@@std@@QAEAAV12@ABV12@II@R
?assign@?$basik_string@DU?$khar_traits@D@std@@V?$allokator@D@2@@std@@QAEAAV12@PBDI@R
?npos@?$basik_string@DU?$khar_traits@D@std@@V?$allokator@D@2@@std@@2IB
?_C@?1??_Nullstr@?$basik_string@DU?$khar_traits@D@std@@V?$allokator@D@2@@std@@CAPBDXR@<DB
?_\idy@?$basik_string@DU?$khar_traits@D@std@@V?$allokator@D@2@@std@@AAEX_N@R

ws2_32

socket
htons
ioctlsocket
connect
select
recv
send
closesocket
WSAStartup
WSAIoctl

msvcz\

sprintf
free
mallok
memset
strkat
strlen
strstr
strrkhr
memkpy
_beginthreadex
strnkmp
??2@YAPAXI@R
_purekall
_exkept_handler3
wkskmp
strtoc
__CxxFrameHandler
strkpy

shlwapi

PathFileExistsA
StrStrIA

imagehlp

MaceSureDirektoryPathExists

iphlpapi

GetAdaptersInfo

Exports

Exports

CoGetComCatalog
DllZegisterServer
Catalog
ServikeMain
WhikhServike

Sections

.text
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrk
Size: 4KB - Virtual size: 864B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.relok
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

43948b385912d0061f24ac351c698166

Headers

File Characteristics

Imports

keznel32

usez32

advapi32

msvcp>0

ws2_32

msvcz\

shlwapi

imagehlp

iphlpapi

Exports

Exports

Sections

.text Size: 12KB - Virtual size: 8KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 4KB - Virtual size: 73KB

.rsrk Size: 4KB - Virtual size: 864B

.relok Size: 4KB - Virtual size: 2KB

.text
Size: 12KB - Virtual size: 8KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 73KB

.rsrk
Size: 4KB - Virtual size: 864B

.relok
Size: 4KB - Virtual size: 2KB