Static task: static1
Behavioral task: behavioral1
Sample: be95db9f4f793c73cd6f078df95d2dbe_JaffaCakes118.dll
Resource: win7-20240705-en
Behavioral task: behavioral2
Sample: be95db9f4f793c73cd6f078df95d2dbe_JaffaCakes118.dll
Resource: win10v2004-20240802-en
General
Target: be95db9f4f793c73cd6f078df95d2dbe_JaffaCakes118
Size: 48KB
MD5: be95db9f4f793c73cd6f078df95d2dbe
SHA1: 3df8a7e81cbbfe26f36d0ba0028eb31b5d3cb824
SHA256: 18330c93ea333dec6a643378b093b042b48aa7c68a411b91ae37d349b20d424e
SHA512: d44f266485c552bf77b18ef14dbfd6b90f78e86f47945c8ee595fa6d8bd36d56879abe4727acde82b30db9c9782ab292082e48c12aad418d367b730738650a7d
SSDEEP: 768:eeFQn4GUq9fLUmbo4D0k3YxKI7cSjzRR2i/JlFqqtzYLE3Zrig4tmZHL:2bh3mai/JXTtKjgPZHL
Malware Config
Signatures
Unsigned PE (1 IoCs)
Checks for missing Authenticode signature.
resource be95db9f4f793c73cd6f078df95d2dbe_JaffaCakes118
Files
be95db9f4f793c73cd6f078df95d2dbe_JaffaCakes118.dll windows:4 windows x86 arch:x86
71a072d5760d267fd4e13988dea19e18
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
SetFilePointer
CreateFileW
SetFileTime
GetFileSize
GetFileTime
GetSystemDirectoryW
GetCurrentProcessId
GetModuleFileNameW
OutputDebugStringA
MultiByteToWideChar
CreateProcessW
WriteFile
DeleteFileA
CreateFileA
ExpandEnvironmentStringsA
GetModuleFileNameA
HeapCreate
CreateThread
LocalFree
LocalAlloc
Sleep
PeekNamedPipe
ReadFile
HeapDestroy
GetStartupInfoW
DeleteFileW
TerminateProcess
FindNextFileW
FindClose
GetLastError
HeapAlloc
FindFirstFileW
FreeLibrary
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
CloseHandle
OpenProcess
GetProcAddress
GetLogicalDriveStringsW
GetDriveTypeW
HeapFree
GetVersionExW
LoadLibraryW
ExpandEnvironmentStringsW
user32
WaitForInputIdle
GetWindowDC
gdi32
GetPixel
advapi32
GetSidSubAuthorityCount
GetSidIdentifierAuthority
LookupAccountNameW
GetUserNameW
RegCloseKey
RegEnumKeyW
RegQueryValueExA
RegDeleteKeyW
RegCreateKeyA
RegSetValueExA
RegOpenKeyExW
RegQueryValueExW
GetSidSubAuthority
ole32
CoCreateInstance
CoInitialize
CoUninitialize
crypt32
CertOpenSystemStoreW
CertFindCertificateInStore
CertCloseStore
CertFindChainInStore
CertFreeCertificateChain
CertVerifyCertificateChainPolicy
CertGetCertificateChain
CertFreeCertificateContext
netapi32
NetUserGetLocalGroups
NetApiBufferFree
psapi
EnumProcessModules
GetModuleFileNameExW
ws2_32
recv
WSACleanup
send
gethostbyname
inet_ntoa
closesocket
connect
htons
ntohs
WSAGetLastError
socket
setsockopt
WSAStartup
msvcrt
wcscpy
_adjust_fdiv
malloc
_initterm
free
strstr
memmove
_itoa
strcat
wcsstr
_wfopen
fread
sscanf
fclose
sprintf
fwrite
_wtoi
strcpy
__CxxFrameHandler
atoi
memset
memcpy
swprintf
wcscat
strlen
_stricmp
wcslen
Sections
.text Size: 28KB - Virtual size: 25KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ