ade348ea3a6c8457bbe8c1bdbef75d93_JaffaCakes118

General

Target

ade348ea3a6c8457bbe8c1bdbef75d93_JaffaCakes118
Size

20KB
MD5

ade348ea3a6c8457bbe8c1bdbef75d93
SHA1

5e8e36e97159d1467fc9f1c89b6e3ffeaaf03155
SHA256

2dd6b7999b82642dff9d6b0a7a6c002350927a2c1465b7aa1194148eb7935e8b
SHA512

cfed2da29df9658a84e0b87a0be5d4ce1119653208f43a94d928e1323717928a5e447244a0205c1f74285b8d2f1f98a44550bed70e2360fed2603af82667fec5
SSDEEP

384:7WVZatz8o08trcxeLgUR4Et2W9aVWvLf:7WUCKrc0LgUR4F

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ade348ea3a6c8457bbe8c1bdbef75d93_JaffaCakes118

Files

ade348ea3a6c8457bbe8c1bdbef75d93_JaffaCakes118
.dll windows:4 windows x86 arch:x86

034cf99cb4a38dc69d849d6a9a749058

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord823
ord1168

msvcrt

_strnicmp
_stricmp
strncpy
strncat
sprintf
atoi
malloc
wcscpy
wcscat
wcslen
free
strncmp
_itoa

kernel32

GetSystemDirectoryA
SetFileTime
GetFileTime
CreateThread
ReadProcessMemory
OpenProcess
GetCurrentProcessId
GetModuleHandleA
GetProcAddress
LoadLibraryA
GetEnvironmentVariableA
WriteProcessMemory
WriteFile
SetFilePointer
CloseHandle
GetFileSize
CreateFileA
WideCharToMultiByte
DeleteFileA
ReadFile
Sleep
GetLocalTime
Process32Next
Process32First
CreateToolhelp32Snapshot

user32

SetWindowsHookExA

advapi32

RegOpenKeyA
LsaRetrievePrivateData
LsaOpenPolicy
RegCreateKeyA
RegSetValueExA
RegCloseKey
LsaClose
RegQueryValueExA
GetUserNameA
LookupAccountNameA

ws2_32

connect
socket
htons
inet_addr
send
recv
closesocket
gethostname
gethostbyname
inet_ntoa
WSAStartup

rasapi32

RasEnumEntriesA
RasGetEntryPropertiesA
RasGetEntryDialParamsA

Exports

Exports

GetRas
InitDll
writ

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 3KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 830B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

034cf99cb4a38dc69d849d6a9a749058

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

advapi32

ws2_32

rasapi32

Exports

Exports

Sections

.text Size: 11KB - Virtual size: 11KB

.data Size: 3KB - Virtual size: 11KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 830B

.text
Size: 11KB - Virtual size: 11KB

.data
Size: 3KB - Virtual size: 11KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 830B