b9712d7626bbbd6bfd8aeb4605682cb6_JaffaCakes118

General

Target

b9712d7626bbbd6bfd8aeb4605682cb6_JaffaCakes118
Size

60KB
MD5

b9712d7626bbbd6bfd8aeb4605682cb6
SHA1

8e3333e280604509945ec236b675910bb2c78d9d
SHA256

8d8bddf82870ee5cc0b64f1f011bd41be6c8a5249285a3bebeb806157ce2f99d
SHA512

fff284554cf7117e4c731a924d046c6cff45c4891a2b3d2ce2125a2af934e1f29808569a22cc889075623cd48650c92b73967a56694bfd09d565d31bff658d91
SSDEEP

1536:hZAfVdLXmOWCJ7MYuqUqV9z27VCw0foaQPW+C40qxPBJf64kIJAoI6GBT:hZAfVdLXmOWCOYQqVF27VCw0foaCC40/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b9712d7626bbbd6bfd8aeb4605682cb6_JaffaCakes118

Files

b9712d7626bbbd6bfd8aeb4605682cb6_JaffaCakes118
.dll windows:4 windows x86 arch:x86

79ccf481cdc9967745d6d976eebbfa2c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

setsockopt
connect
ioctlsocket
__WSAFDIsSet
htons
select
closesocket
WSASetLastError
WSAGetLastError
socket
htonl
inet_addr
ntohl
recv
send
WSAStartup
gethostbyname
gethostname
inet_ntoa
WSACleanup

winmm

timeGetTime

kernel32

GetTickCount
WaitForSingleObject
GetExitCodeThread
SetLastError
lstrcpyA
CreateProcessA
WritePrivateProfileStringA
GetPrivateProfileStringA
GetSystemDirectoryA
SetCurrentDirectoryA
WinExec
FindFirstFileA
FindNextFileA
GetLastError
CloseHandle

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExA
RegDeleteKeyA
RegCloseKey

shell32

SHGetSpecialFolderPathA

msvcrt

strstr
strtoul
strrchr
strchr
memmove
sscanf
_pctype
__mb_cur_max
_isctype
strtol
fputc
_ftol
_strdup
toupper
fflush
strftime
gmtime
_initterm
_adjust_fdiv
atoi
_errno
strncpy
strncat
free
calloc
fwrite
fclose
fopen
remove
fgetc
sprintf
_access
malloc
rand
srand
time
fread
_iob
vsprintf
realloc
_beginthreadex

Exports

Exports

CheckConnectionAndGetIP
SwindleWebBrowser
UseThisCode

Sections

.text
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

79ccf481cdc9967745d6d976eebbfa2c

Headers

File Characteristics

Imports

ws2_32

winmm

kernel32

advapi32

shell32

msvcrt

Exports

Exports

Sections

.text Size: 44KB - Virtual size: 40KB

.rdata Size: 4KB - Virtual size: 1KB

.data Size: 4KB - Virtual size: 3KB

.reloc Size: 4KB - Virtual size: 1KB

.text
Size: 44KB - Virtual size: 40KB

.rdata
Size: 4KB - Virtual size: 1KB

.data
Size: 4KB - Virtual size: 3KB

.reloc
Size: 4KB - Virtual size: 1KB