a344c30c5b18d1fb0f48d3818b8d71e4_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a344c30c5b18d1fb0f48d3818b8d71e4_JaffaCakes118
Size

52KB
MD5

a344c30c5b18d1fb0f48d3818b8d71e4
SHA1

ea5c9e78ec6ab6b7f7bfa2cb3130fe637607573b
SHA256

6c896fe2f9cea114a4b055046f4b0de8d82676619c970fb5a37653f590192efe
SHA512

f63d6f2d9343a578ce30d772f2c2263b1b3f09ac12a3d0e01bf61e49038a1daa40da314c5cd1b71018393307438557a262a3374335e2be4bcabc7bf0077b816b
SSDEEP

768:Ko1WP8PujlUOUdG9+8RdAwj7j8zbKGBjmu/XShPTfVmSi+mv7l7//Etqhsh5UC/d:Vix95fVrVmh/yqhsjRUa

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a344c30c5b18d1fb0f48d3818b8d71e4_JaffaCakes118

Files

a344c30c5b18d1fb0f48d3818b8d71e4_JaffaCakes118
.dll windows:4 windows x86 arch:x86

90471d2a98d684181c3ea14db8c694a5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetTickCount
WaitForSingleObject
CreateEventA
MoveFileExA
CopyFileA
GetTempFileNameA
GetTempPathA
GetSystemDirectoryA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetFileSize
CloseHandle
CreateFileA
FindClose
FindNextFileA
FindFirstFileA
GetEnvironmentVariableA
EnterCriticalSection
SetLastError
lstrcpyA
lstrlenA
ExpandEnvironmentStringsA
GetWindowsDirectoryA
GetVersion
LeaveCriticalSection
VirtualQuery
GetLastError
GetVolumeInformationA
InitializeCriticalSection
GetSystemTime
GetTimeZoneInformation
SystemTimeToTzSpecificLocalTime
GetTimeFormatA
GetDateFormatA
GetModuleFileNameA
LoadLibraryA
Sleep
DisableThreadLibraryCalls

advapi32

RegEnumKeyExA
RegSetValueExA
RegQueryValueExA
RegEnumKeyA
RegCreateKeyA
RegNotifyChangeKeyValue
RegOpenKeyExA
RegCloseKey

msvcrt

_adjust_fdiv
_onexit
__dllonexit
_stricmp
isalnum
strncpy
strrchr
strncmp
memcpy
memset
srand
time
free
malloc
??3@YAXPAX@Z
rand
strcpy
strlen
_snprintf
_mbslwr
__CxxFrameHandler
_initterm
printf
_strlwr
strstr
??2@YAPAXI@Z
_beginthread
atoi
strchr
realloc
strcat
_itoa
_strcmpi

msvcp60

?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIPBDI@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??Mstd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@D@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ

mapi32

ord13
ord23
ord135
ord17
ord138
ord11
ord19
ord75
ord140
ord129
ord21

ws2_32

select
ioctlsocket
gethostbyname
send
recv
setsockopt
WSAGetLastError
connect
inet_ntoa
inet_addr
htons
socket
shutdown
closesocket
gethostname
WSAStartup

dnsapi

DnsRecordListFree
DnsQuery_A

Exports

Exports

Initialize
StartProcessAtWinLogon
StopProcessAtWinLogoff

Sections

.text
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

90471d2a98d684181c3ea14db8c694a5

Headers

File Characteristics

Imports

kernel32

advapi32

msvcrt

msvcp60

mapi32

ws2_32

dnsapi

Exports

Exports

Sections

.text Size: 38KB - Virtual size: 37KB

.rdata Size: 7KB - Virtual size: 6KB

.data Size: 3KB - Virtual size: 3KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 38KB - Virtual size: 37KB

.rdata
Size: 7KB - Virtual size: 6KB

.data
Size: 3KB - Virtual size: 3KB

.reloc
Size: 3KB - Virtual size: 3KB