Static task
static1
Behavioral task
behavioral1
Sample
ced87544ab0f219f275dcda8fe6b267f_JaffaCakes118.dll
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
ced87544ab0f219f275dcda8fe6b267f_JaffaCakes118.dll
Resource
win10v2004-20240802-en
General
-
Target
ced87544ab0f219f275dcda8fe6b267f_JaffaCakes118
-
Size
61KB
-
MD5
ced87544ab0f219f275dcda8fe6b267f
-
SHA1
8071db97f0639334d405b29618f58025eca8b90e
-
SHA256
c611de6c1f3819528d8dec97c96ed2b0309518ee91f18a8ef6b89f67ded6f240
-
SHA512
a456a4f3dd4bf09014c759ea19d265ea4d677f80166805696d57590aba2a1c276098a336e612549ee38f08bca7a21ed9cbfc7a6b9680f653ca43b4fd96c7717c
-
SSDEEP
1536:QbWvV+7xPq3WMHVByrGh6xEmnhh/OIn/9jjSQvesB89e0/GtBEDmphYZBhmho/t9:QbWvV+VPq3xVBilOI/9jh322kipeZDmm
Malware Config
Signatures
-
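Unsigned PE (1 IoC)
Checks for a missing Authenticode signature; this sample has none. A missing signature is a weak indicator on its own, because many legitimate DLLs are also unsigned, so weigh it together with the other static and behavioral findings.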
resource ced87544ab0f219f275dcda8fe6b267f_JaffaCakes118
Files
-
ced87544ab0f219f275dcda8fe6b267f_JaffaCakes118.dll windows:4 windows x86 arch:x86
27b3be79aeaed944e26a0a13c42e71c6
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
msvcrt
_adjust_fdiv
_initterm
_onexit
__dllonexit
longjmp
_setjmp3
vsprintf
_itoa
memmove
_purecall
strncmp
atoi
strncpy
strcmp
strcat
strcpy
malloc
_iob
fprintf
strspn
strcspn
tolower
isxdigit
_strcmpi
isdigit
_strdup
sscanf
_strlwr
??2@YAPAXI@Z
??3@YAXPAX@Z
__CxxFrameHandler
_splitpath
memset
memcpy
memcmp
sprintf
strchr
strstr
strncat
strlen
free
isupper
isspace
ispunct
isprint
islower
isgraph
iscntrl
isalpha
isalnum
kernel32
VirtualProtect
GetCurrentProcess
FlushInstructionCache
FlushViewOfFile
ReleaseMutex
WaitForSingleObject
CreateMutexA
GetProcAddress
ReadProcessMemory
OpenProcess
CreateToolhelp32Snapshot
Process32First
Process32Next
LoadLibraryA
FreeLibrary
VirtualQuery
SetLastError
LeaveCriticalSection
EnterCriticalSection
GetLastError
GetTickCount
TlsSetValue
TlsGetValue
SetEvent
lstrlenA
GetCurrentProcessId
TlsAlloc
TlsFree
GetModuleHandleA
lstrcpyA
lstrcatA
GetModuleFileNameA
CreateThread
CreateEventA
InitializeCriticalSection
DeleteCriticalSection
CloseHandle
TerminateThread
WaitForMultipleObjects
SetEndOfFile
WriteFile
SetFilePointer
ReadFile
GetFileSize
CreateFileA
GetWindowsDirectoryA
lstrcmpiA
MapViewOfFile
CreateFileMappingA
lstrcpynA
UnmapViewOfFile
GetVersionExA
GetVolumeInformationA
GetComputerNameA
user32
UnhookWindowsHookEx
CallNextHookEx
CharLowerA
wsprintfA
SendMessageA
FindWindowA
SetWindowsHookExA
advapi32
CryptHashData
CryptDeriveKey
CryptGetUserKey
CryptImportKey
CryptAcquireContextA
CryptCreateHash
CryptGenKey
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
CryptDestroyKey
CryptDecrypt
CryptEncrypt
ws2_32
WSASend
closesocket
recv
WSARecv
gethostbyname
WSAGetLastError
ntohs
getpeername
connect
inet_ntoa
send
wininet
InternetQueryOptionA
HttpQueryInfoA
InternetOpenUrlA
InternetOpenA
InternetCloseHandle
HttpOpenRequestA
HttpAddRequestHeadersA
HttpSendRequestA
InternetConnectA
InternetReadFile
Exports
Exports
Sections
.text Size: 41KB - Virtual size: 41KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.Shared Size: 512B - Virtual size: 8B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ