a1ebb7ac20bb79716ca5c070de64197d_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

a1ebb7ac20bb79716ca5c070de64197d_JaffaCakes118
Size

43KB
MD5

a1ebb7ac20bb79716ca5c070de64197d
SHA1

c7c63b94e31a0225a2954502f9ae06d1618360f0
SHA256

5ee69394b4aa450b817ba5537ce2354da1a96ce742ba3637de39d5454afcf998
SHA512

019d48a984cb2f7d9d1f3487184d96efb8d2d8a0b047c2d215e2fbd9ecbcb6e0e247d7706d64facc511e7d0c512fc2e2bde1a7cb16c48c4c2fe49e1699c47160
SSDEEP

768:GOH/snLKYIhmg6jzHCSWmk3Y09q3YuE6+xYsJbqZV2kqzmR4ogBp:GKsLvwa6SWmk3K7CYsJe4JzJB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a1ebb7ac20bb79716ca5c070de64197d_JaffaCakes118

Files

a1ebb7ac20bb79716ca5c070de64197d_JaffaCakes118
.dll windows:4 windows x86 arch:x86

4519a8a74b278a35388be18569c97f12

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegDeleteValueA
RegEnumKeyExA
RegQueryInfoKeyA

shlwapi

wnsprintfA
StrToIntA
StrStrA

ws2_32

ioctlsocket
WSACleanup
WSAStartup
WSASetLastError
select
getsockopt
WSAGetLastError
__WSAFDIsSet
gethostbyname
socket
setsockopt
connect
recv
send
shutdown
closesocket
getsockname
sendto
inet_ntoa
recvfrom
bind
inet_addr
htonl
htons

kernel32

ExitProcess
GetModuleFileNameA
GetWindowsDirectoryA
GetStartupInfoA
CreateProcessA
OpenThread
TerminateThread
GetExitCodeThread
lstrcpynA
GetVersion
SetFileAttributesA
DeleteFileA
lstrcpyA
GetEnvironmentVariableA
GetCurrentThread
SetThreadPriority
FreeLibraryAndExitThread
lstrlenA
HeapFree
IsBadWritePtr
HeapReAlloc
GetProcessHeap
HeapAlloc
ReleaseMutex
WaitForSingleObject
WriteFile
lstrcatA
GetTimeZoneInformation
GetSystemTime
OpenFile
IsBadReadPtr
ExitThread
GetTickCount
Sleep
SetLastError
GetCurrentThreadId
CreateThread
CreateMutexA
OpenMutexA
CloseHandle
ReadFile
GetFileSize
CreateFileA

user32

CharLowerA
wsprintfA

dnsapi

DnsExtractRecordsFromMessage_W
DnsRecordListFree

shell32

ShellExecuteA

Exports

Exports

GetThreadBot

Sections

.text
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4519a8a74b278a35388be18569c97f12

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

shlwapi

ws2_32

kernel32

user32

dnsapi

shell32

Exports

Exports

Sections

.text Size: 33KB - Virtual size: 33KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 76KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 33KB - Virtual size: 33KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 76KB

.reloc
Size: 3KB - Virtual size: 3KB