abe59d7a89ee8763a642ea829cac9a38_JaffaCakes118

General

Target

abe59d7a89ee8763a642ea829cac9a38_JaffaCakes118
Size

36KB
MD5

abe59d7a89ee8763a642ea829cac9a38
SHA1

ba1feef78886e4e197262c6d374af0e197832005
SHA256

fb3bd0045e84191bba63b9ba9dd31dacdc8cefdfea7470f853f4441fd7285209
SHA512

8ec2f1768073ba848cd591339978c4a010eea40401f9a8174eb6a9a0075fd5e100927201c431e0131e434a3275d1e86467c401106936c02f0f16572efbc2b88f
SSDEEP

768:Zw5nCKxvKsILk0CbzcWgzrzSLQF64Uc4H4:ZKDys3nzcWgzrzSQF6w

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
abe59d7a89ee8763a642ea829cac9a38_JaffaCakes118

Files

abe59d7a89ee8763a642ea829cac9a38_JaffaCakes118
.dll windows:4 windows x86 arch:x86

6884ddceda762ea715ca8c034d8dde42

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

iphlpapi

SendARP
GetIpForwardTable
GetAdaptersInfo
GetBestInterface

kernel32

ExitThread
GetModuleFileNameA
GetTickCount
GetVersionExA
Sleep
WaitForSingleObject
lstrlenA
CloseHandle
lstrcpyA
DisableThreadLibraryCalls
GetProcAddress
GetModuleHandleA
lstrcmpA
ExitProcess
WinExec
MoveFileA
LoadLibraryA
CreateFileW
GetVersion
GetLastError
WriteFile
DeviceIoControl
MultiByteToWideChar
TerminateThread
CreateFileA
CreateThread
lstrcatA

user32

wsprintfA
GetDesktopWindow

advapi32

OpenServiceA
StartServiceA
RegSetValueExA
OpenSCManagerA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
CreateServiceA

shell32

ShellExecuteA

wininet

InternetCloseHandle
InternetOpenUrlA
InternetOpenA
InternetConnectA
HttpOpenRequestA
InternetGetConnectedState
HttpSendRequestA

urlmon

URLDownloadToFileA

ws2_32

htons
WSAConnect
WSASocketA
WSAStartup
connect
bind
ioctlsocket
gethostbyname
gethostname
inet_addr
inet_ntoa
socket
recv
closesocket
shutdown
send

msvcrt

malloc
wcscpy
memset
rand
srand
strncpy
free
strstr
atoi
strchr
strtok
wcscat

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6884ddceda762ea715ca8c034d8dde42

Headers

File Characteristics

Imports

iphlpapi

kernel32

user32

advapi32

shell32

wininet

urlmon

ws2_32

msvcrt

Sections

.text Size: 12KB - Virtual size: 11KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 12KB - Virtual size: 98KB

.reloc Size: 4KB - Virtual size: 1KB

.text
Size: 12KB - Virtual size: 11KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 12KB - Virtual size: 98KB

.reloc
Size: 4KB - Virtual size: 1KB