b3f6c7bb3afc3d3d5c537486de225000_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b3f6c7bb3afc3d3d5c537486de225000_JaffaCakes118
Size

27KB
MD5

b3f6c7bb3afc3d3d5c537486de225000
SHA1

3c946ab7fcab268324ec9a7cad659f85e7f5a32a
SHA256

3238f5d6d1fa9e44ebdd0fa0f4012babf2f699908bef2fa5cb74663af276923b
SHA512

f144d2e140c2fcd97e174ebb21237114c9bb17e1fbfd5b1dc2faaa64fbb4d7788eca3c98dbc423dd29917db7dbb80977d8f966a6bd9ba0c90b1ab77cadb8bc8e
SSDEEP

384:6KD/V3Z4RKjWDorUC9sk1teRW3VNFmkJhhDmRtKhxAiFXA5CoNc2nLu:6KDN3mDo4OrAWFNFj5Dg0hSWA5Cga

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b3f6c7bb3afc3d3d5c537486de225000_JaffaCakes118

Files

b3f6c7bb3afc3d3d5c537486de225000_JaffaCakes118
.dll windows:4 windows x86 arch:x86

3cfb3cb8ab2892d21f59b36b829ff996

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wininet

InternetSetCookieA

kernel32

GetVolumeInformationA
GetTickCount
GetDateFormatA
GetTimeFormatA
SystemTimeToTzSpecificLocalTime
GetTimeZoneInformation
GetSystemTime
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetLastError
VirtualQuery
WaitForSingleObject
CreateEventA
MoveFileExA
CopyFileA
GetTempFileNameA
GetTempPathA
GetSystemDirectoryA
LocalFree
DisableThreadLibraryCalls
GetModuleFileNameA
Sleep
LoadLibraryA

advapi32

RegCreateKeyA
RegCloseKey
RegNotifyChangeKeyValue
RegSetValueExA

msvcr71

?terminate@@YAXXZ
_except_handler3
__CppXcptFilter
_adjust_fdiv
_initterm
__dllonexit
??1type_info@@UAE@XZ
strncmp
gmtime
strftime
strcat
strstr
strchr
atoi
strcpy
rand
??2@YAPAXI@Z
??3@YAXPAX@Z
??0exception@@QAE@XZ
??1exception@@UAE@XZ
_CxxThrowException
??0exception@@QAE@ABV0@@Z
_beginthread
__CxxFrameHandler
free
malloc
_snprintf
strlen
realloc
time
srand
memset
_onexit

ws2_32

ioctlsocket
connect
select
WSAGetLastError
gethostname
gethostbyname
socket
inet_ntoa
inet_addr
htons
send
shutdown
closesocket
recv
WSAStartup
setsockopt

dnsapi

DnsQuery_A
DnsRecordListFree

msvcp71

??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z

Exports

Exports

Initialize
Launch
StartProcessAtWinLogon
StopProcessAtWinLogoff

Sections

.text
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3cfb3cb8ab2892d21f59b36b829ff996

Headers

File Characteristics

Imports

wininet

kernel32

advapi32

msvcr71

ws2_32

dnsapi

msvcp71

Exports

Exports

Sections

.text Size: 22KB - Virtual size: 21KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 22KB - Virtual size: 21KB

.reloc
Size: 4KB - Virtual size: 3KB