aa00764c18cc718ba1b3c4019b8576fe_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

aa00764c18cc718ba1b3c4019b8576fe_JaffaCakes118
Size

16KB
MD5

aa00764c18cc718ba1b3c4019b8576fe
SHA1

5d1c9b4b87f92b954d36567b8af650a04afd193b
SHA256

882b0659b891c3bf45e77032426a72a81c14cee26ca51c8917ad44699a15ef5e
SHA512

ff206adb2f517b7c9aa260e19a88e702b2c7594e48b37f9e56a9e0d284e344eb8597c0eddb2c8f57ca6d13564c7d70baab7611da9459c9d36e56b3d7cba42fd8
SSDEEP

384:u3RhOx2XU3kD1Yi8uyYWEtOSP+Zotj0L4kl1X:uBhLk3myYDOGH0L4+X

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
aa00764c18cc718ba1b3c4019b8576fe_JaffaCakes118

Files

aa00764c18cc718ba1b3c4019b8576fe_JaffaCakes118
.dll windows:4 windows x86 arch:x86

fc5f084642478570843b7cc2e051d9e4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wsock32

inet_addr
gethostbyname
closesocket
WSACleanup
WSAStartup
ioctlsocket
htons
socket
connect
recv
send

user32

CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
VkKeyScanA
keybd_event
ShowWindow
SetFocus
wsprintfA
BlockInput
SetForegroundWindow

advapi32

EnumServicesStatusA
CloseServiceHandle
OpenProcessToken
ImpersonateLoggedOnUser
OpenSCManagerA

wininet

InternetOpenUrlA
InternetOpenA
InternetReadFile

ole32

CoCreateInstance
CoUninitialize
CoInitialize

oleaut32

VariantInit
SysAllocString
VariantClear
SysFreeString

psapi

EnumProcessModules
EnumProcesses
GetModuleBaseNameA

msvcrt

_onexit
__dllonexit
_adjust_fdiv
_initterm
free
strtok
fopen
fwrite
fclose
malloc
time
strcmp
strncpy
toupper
strlen
strcpy
memcpy
sprintf
memset
strcat
??3@YAXPAX@Z
??2@YAPAXI@Z
__CxxFrameHandler
rand
srand
strstr

kernel32

CreateThread
CreateProcessA
LoadLibraryA
GetProcAddress
lstrlenA
lstrcpyA
lstrcmpA
lstrcpynA
ExitProcess
CloseHandle
OpenProcess
lstrcmpiA
GetLocaleInfoA
Sleep
GetTickCount
InterlockedDecrement
GetWindowsDirectoryA
GlobalAlloc
CreateMutexA
DisableThreadLibraryCalls
MultiByteToWideChar
GetLastError
GlobalLock
GlobalUnlock

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 932B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fc5f084642478570843b7cc2e051d9e4

Headers

File Characteristics

Imports

wsock32

user32

advapi32

wininet

ole32

oleaut32

psapi

msvcrt

kernel32

Sections

.text Size: 9KB - Virtual size: 8KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 3KB - Virtual size: 3KB

.reloc Size: 1024B - Virtual size: 932B

.text
Size: 9KB - Virtual size: 8KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 3KB - Virtual size: 3KB

.reloc
Size: 1024B - Virtual size: 932B