b83a4e3b48027c7d0545f61c5fceea30_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b83a4e3b48027c7d0545f61c5fceea30_JaffaCakes118
Size

248KB
MD5

b83a4e3b48027c7d0545f61c5fceea30
SHA1

9e3bd92ec951580fa35d18f73bc84da4a1931dfa
SHA256

1a487ce00ab1cf311e45378650abce2782a15e3162181d08b364b902a58c8fe4
SHA512

8060c08c613fe44e9a21d089fc981341e9bfbd1f594a3485e43397781cc3e62593587d049a5ac1543a2892ce9a1dcefe2293202fdaf3cf73619f72ae01ed6e10
SSDEEP

3072:ci/63V9TBqKEVEwjDv0uZb2aL7/PLHHGgCVxp96ftTBfwQtt33yt0c:ciWbB7w3v0+b2armrVxp96ftTBz3ym

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b83a4e3b48027c7d0545f61c5fceea30_JaffaCakes118

Files

b83a4e3b48027c7d0545f61c5fceea30_JaffaCakes118
.dll windows:4 windows x86 arch:x86

55be63455f867e925ccb90e29e97346a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

gethostname
gethostbyname
WSAStartup
getsockname
recv
send
connect
shutdown
WSACleanup
recvfrom
WSAGetLastError
ntohs
sendto
htons
bind
inet_addr
socket
WSAIoctl
closesocket

winmm

timeKillEvent
timeSetEvent

kernel32

FlushFileBuffers
SetStdHandle
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
MultiByteToWideChar
IsBadCodePtr
IsBadReadPtr
LoadLibraryA
GetOEMCP
GetACP
GetCPInfo
InterlockedIncrement
CreateThread
CloseHandle
Sleep
GetExitCodeThread
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetTickCount
WaitForSingleObject
FindClose
FindNextFileA
FindFirstFileA
TerminateProcess
OpenProcess
GetCurrentProcessId
Process32Next
Process32First
CreateToolhelp32Snapshot
GetLongPathNameA
CopyFileA
GetTempPathA
CreateEventA
SetEvent
WaitForMultipleObjects
DeleteFileA
ReadFile
SetFilePointer
GetFileSize
CreateFileA
WriteFile
CreateDirectoryA
CreateProcessA
DuplicateHandle
GetCurrentProcess
CreatePipe
GetExitCodeProcess
HeapCreate
HeapDestroy
HeapAlloc
HeapFree
HeapUnlock
HeapWalk
HeapLock
CreateIoCompletionPort
PostQueuedCompletionStatus
GetQueuedCompletionStatus
HeapSize
HeapReAlloc
VirtualFree
GetVersionExA
GetEnvironmentVariableA
GetModuleHandleA
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetModuleFileNameA
InterlockedDecrement
IsBadWritePtr
VirtualAlloc
GetProcAddress
GetStartupInfoA
GetFileType
GetCommandLineA
GetVersion
RtlUnwind
RaiseException
ExitProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
SetHandleCount
GetStdHandle
SetUnhandledExceptionFilter

user32

PostMessageA
FindWindowA
GetWindow
GetWindowThreadProcessId
GetWindowLongA
GetWindowTextA
GetMessageA
PostThreadMessageA
GetDesktopWindow

shell32

SHFileOperationA
ShellExecuteA

ole32

CoCreateGuid
CoInitialize
CoUninitialize

psapi

EnumProcessModules

Exports

Exports

virtualStartup
virtualStop

Sections

.text
Size: 188KB - Virtual size: 185KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

55be63455f867e925ccb90e29e97346a

Headers

File Characteristics

Imports

ws2_32

winmm

kernel32

user32

shell32

ole32

psapi

Exports

Exports

Sections

.text Size: 188KB - Virtual size: 185KB

.rdata Size: 28KB - Virtual size: 25KB

.data Size: 16KB - Virtual size: 19KB

.reloc Size: 12KB - Virtual size: 9KB

.text
Size: 188KB - Virtual size: 185KB

.rdata
Size: 28KB - Virtual size: 25KB

.data
Size: 16KB - Virtual size: 19KB

.reloc
Size: 12KB - Virtual size: 9KB