ce76c1919d038859fa76045b45aee8e2_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ce76c1919d038859fa76045b45aee8e2_JaffaCakes118
Size

72KB
MD5

ce76c1919d038859fa76045b45aee8e2
SHA1

b8f8fe482be54692602efc07853624b42047ca5c
SHA256

435a0b55593a98734b17f4739b6e0f051a148b10a2eb813fa6591907a423517f
SHA512

ea3b84a5fddd4e77df407de3798dfdb438573f6b03ff96178fab86d43e32c0caa7a5d8311ccc857ec034afe83575095e528329ccb53db917612c51bdcdaf3ab3
SSDEEP

1536:dvHUUwxJH/CjK5e8l0GjyDwWmPrHNgtO9:dvHWa49yDkPzMO9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ce76c1919d038859fa76045b45aee8e2_JaffaCakes118

Files

ce76c1919d038859fa76045b45aee8e2_JaffaCakes118
.dll windows:4 windows x86 arch:x86

2ac2988cad2620054d94d78b861afe2a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord2077
ord2029
ord535
ord523
ord1247
ord791
ord6394
ord5450
ord5440
ord2818
ord825
ord860
ord4278
ord941
ord4129
ord537
ord5710
ord800
ord540
ord858
ord2820
ord3663
ord3811
ord939
ord6383
ord926
ord2763
ord2764
ord922
ord823

msvcrt

fopen
_mbscmp
malloc
atoi
printf
strchr
strncmp
_except_handler3
fclose
free
fwrite
__CxxFrameHandler
fread
_stat
_initterm
memmove
sscanf
??1exception@@UAE@XZ
sprintf
__dllonexit
_onexit
??1type_info@@UAE@XZ
_adjust_fdiv
_strnicmp

kernel32

ExitThread
lstrlenA
WaitForSingleObject
DuplicateHandle
WaitForMultipleObjects
LocalAlloc
LocalFree
LoadLibraryA
GetProcAddress
CreateThread
FreeLibrary
SetCurrentDirectoryA
GetSystemInfo
CreateMutexA
DisableThreadLibraryCalls
GetModuleFileNameA
CreateFileA
FindFirstFileA
DeleteFileA
FindNextFileA
WriteFile
PeekNamedPipe
ReadFile
GetLastError
CreatePipe
GetCurrentProcess
GetVersionExA
CloseHandle
DisconnectNamedPipe
GetCurrentDirectoryA
CreateProcessA
TerminateThread
TerminateProcess
OpenProcess
GetShortPathNameA
Sleep
GetDriveTypeA
GetVolumeInformationA
GetSystemDirectoryA
GlobalMemoryStatus
GetComputerNameA
GetTickCount

user32

DispatchMessageA
wsprintfA
TranslateMessage
PeekMessageA
ExitWindowsEx

advapi32

EnumServicesStatusA
RegOpenKeyA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
DeleteService
RegDeleteKeyA
OpenSCManagerA
RegSetValueExA
CloseServiceHandle
OpenServiceA
QueryServiceStatus
StartServiceA
ControlService
RegEnumKeyExA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA

ws2_32

__WSAFDIsSet
connect
htons
listen
socket
recv
accept
WSASetLastError
closesocket
WSACleanup
ntohs
gethostname
gethostbyname
inet_ntoa
setsockopt
htonl
inet_addr
bind
send
WSAStartup
select
WSAGetLastError

psapi

EnumProcessModules
GetModuleBaseNameA
EnumProcesses
GetModuleFileNameExA

msvcirt

??1ios@@UAE@XZ
??1fstream@@UAE@XZ
?close@fstream@@QAEXXZ
??_Dfstream@@QAEXXZ
??0fstream@@QAE@XZ

iphlpapi

GetUdpTable
GetTcpTable

msvcp60

??_7bad_alloc@std@@6B@
??1bad_alloc@std@@UAE@XZ

Exports

Exports

_DllMain@12

Sections

.text
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2ac2988cad2620054d94d78b861afe2a

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

advapi32

ws2_32

psapi

msvcirt

iphlpapi

msvcp60

Exports

Exports

Sections

.text Size: 44KB - Virtual size: 40KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 8KB - Virtual size: 7KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 44KB - Virtual size: 40KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 8KB - Virtual size: 7KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 3KB