a439f5addb8915fbb88a9ce20b0e3a99_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a439f5addb8915fbb88a9ce20b0e3a99_JaffaCakes118
Size

80KB
MD5

a439f5addb8915fbb88a9ce20b0e3a99
SHA1

088f72b0870d49fde634a9ffb9f65d0cc04680fc
SHA256

e761c5e6a050bffebde7c1258ac5b1913948db032e7d89bb9da853072997cf65
SHA512

810c5ff6ca06801968626de9464d29ed41b062a251748b74847f2d82784434fc88b6abfd6f668a87887b4c69d09de18007c913fda27fffed74cd44cd3ade2926
SSDEEP

1536:GiMPRiVx0tg6Y1HWKmz7lRpnE6MCyLCDNJ+koGq32XtMzr76:5Vktg6Y1HWKcLpEpfWjxoOXtMzP6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a439f5addb8915fbb88a9ce20b0e3a99_JaffaCakes118

Files

a439f5addb8915fbb88a9ce20b0e3a99_JaffaCakes118
.dll windows:4 windows x86 arch:x86

adf81008c5d97252ca8e41db6f8bfa74

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

connect
gethostname
closesocket
recv
send
WSACleanup
WSAStartup
htons
gethostbyname
socket

mfc42

ord1182
ord823
ord342
ord1253
ord1168
ord825

msvcrt

??0exception@@QAE@ABV0@@Z
__CxxFrameHandler
_CxxThrowException
strftime
__dllonexit
??1exception@@UAE@XZ
fwrite
??0exception@@QAE@XZ
memmove
strstr
fclose
fopen
time
fread
_purecall
_initterm
_adjust_fdiv
malloc
_onexit
free
??1type_info@@UAE@XZ
localtime

kernel32

DeleteFileA
SetFileAttributesA
FindFirstFileA
FindNextFileA
LoadLibraryA
GetProcAddress
FreeLibrary
CreateToolhelp32Snapshot
GetSystemInfo
GetLastError
GetSystemDirectoryA
CloseHandle
WriteFile
CreateFileA
GetTickCount
Process32First
Process32Next
GetVersionExA
FindClose
lstrlenA
VirtualQueryEx
OpenProcess
ReadProcessMemory
lstrcpyA
lstrcmpiA

user32

GetClassNameA
GetDC
ReleaseDC
BroadcastSystemMessage
SendMessageA
FindWindowExA
GetWindowTextA
IsWindowVisible
GetWindowThreadProcessId
CallNextHookEx
wsprintfA
UnhookWindowsHookEx
SetWindowsHookExA
FindWindowA

gdi32

GetDeviceCaps

msvcp60

??Mstd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
?max_size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Xlen@std@@YAXXZ
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
??1Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??1_Winit@std@@QAE@XZ
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
??0_Lockit@std@@QAE@XZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?_Xran@std@@YAXXZ
??1_Lockit@std@@QAE@XZ
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z

Exports

Exports

InstallHook
SendMail
UnInstallHook
_MouseProc@12

Sections

.text
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

mydata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

adf81008c5d97252ca8e41db6f8bfa74

Headers

File Characteristics

Imports

ws2_32

mfc42

msvcrt

kernel32

user32

gdi32

msvcp60

Exports

Exports

Sections

.text Size: 48KB - Virtual size: 47KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 4KB - Virtual size: 2KB

mydata Size: 4KB - Virtual size: 2KB

.rsrc Size: 4KB - Virtual size: 1024B

.reloc Size: 8KB - Virtual size: 4KB

.text
Size: 48KB - Virtual size: 47KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 4KB - Virtual size: 2KB

mydata
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 1024B

.reloc
Size: 8KB - Virtual size: 4KB