bacc1303cb0c9c19e32182adae15bd42_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

bacc1303cb0c9c19e32182adae15bd42_JaffaCakes118
Size

50KB
MD5

bacc1303cb0c9c19e32182adae15bd42
SHA1

bf88db8edec44323dc87e2b954069276575beba8
SHA256

d45db853b58d1a8de6ade332f353814c6ac764d484635240e80eae3ee5c0e0fb
SHA512

28a013ec505d0edbdde52ecfe2fa97e90135141e2835e09dc410c76f060389586e6bc3840620f950014ff595eac269a430ca513c3ca21300fc5c49624dc81137
SSDEEP

384:o+RAnkWrN8uhvgE7xayuULpsC25q1KznKFNTK3jGNDxv/b/sDrJq1L:oa0zh5Dpp525y2K7TKzGNxwDd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bacc1303cb0c9c19e32182adae15bd42_JaffaCakes118

Files

bacc1303cb0c9c19e32182adae15bd42_JaffaCakes118
.dll windows:4 windows x86 arch:x86

7d83e547d99a940a82697ced5db398b1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MultiByteToWideChar
WideCharToMultiByte
lstrlenW
ReleaseMutex
GetLastError
VirtualFreeEx
WriteProcessMemory
VirtualAllocEx
lstrcmpiA
FindClose
FindNextFileA
FindFirstFileA
lstrcatA
GetSystemDirectoryA
CloseHandle
GetCurrentProcess
Module32First
VirtualProtectEx
GetModuleHandleA
ReadFile
CopyFileA
TerminateProcess
GlobalFree
GlobalUnlock
DeleteFileA
DisableThreadLibraryCalls
IsBadReadPtr
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetCurrentProcessId
GetTickCount
WaitForSingleObject
GetWindowsDirectoryA
Sleep
CreateMutexA
LoadLibraryA
GetProcAddress
CreateFileA
GetModuleFileNameA
lstrcpyA
GetFileSize
lstrlenA

user32

GetClientRect
GetDC
ReleaseDC
GetWindowThreadProcessId
wsprintfA
EnumWindows

gdi32

GetPaletteEntries
DeleteObject
GetNearestPaletteIndex
CreateHalftonePalette

advapi32

LookupPrivilegeValueA
OpenProcessToken

msvcrt

strrchr
rand
srand
memcpy
_itoa
free
__dllonexit
_onexit
strcat
strcmp
atoi
memset
strcpy
_beginthreadex
__CxxFrameHandler
fclose
fputc
fwrite
fopen
fflush
??2@YAPAXI@Z
strncat
strstr
_purecall

ws2_32

WSAStartup
send
recv
select
connect
ioctlsocket
htons
gethostbyname
socket
closesocket

Exports

Exports

GetName
_GetName@16

Sections

.text
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 63KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

shard
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7d83e547d99a940a82697ced5db398b1

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

msvcrt

ws2_32

Exports

Exports

Sections

.text Size: 14KB - Virtual size: 13KB

.bss Size: - Virtual size: 63KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 19KB - Virtual size: 19KB

shard Size: 9KB - Virtual size: 9KB

.CRT Size: 512B - Virtual size: 4B

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 14KB - Virtual size: 13KB

.bss
Size: - Virtual size: 63KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 19KB - Virtual size: 19KB

shard
Size: 9KB - Virtual size: 9KB

.CRT
Size: 512B - Virtual size: 4B

.reloc
Size: 3KB - Virtual size: 2KB