d41d0217f25e2a389e667f6db1a218f1_JaffaCakes118

General

Target

d41d0217f25e2a389e667f6db1a218f1_JaffaCakes118
Size

88KB
MD5

d41d0217f25e2a389e667f6db1a218f1
SHA1

e21b49dc18a098ef9c6b38918a42d6017a552c47
SHA256

b82cfdda7c264bc02befaa9da8521aca25afc57df495988dc4e6a6507462571b
SHA512

3b56b24a1521aff5640c7135572c10a07c1d97e40e2e185aadd002ca8a0d513d05ef7e3acf09eb2fdbb03ede7244992777bf9844a897967e4bffade885156755
SSDEEP

1536:47m+UVgMgS+LevWcT+TzWS5cAoWJytZu/x9tjH:Wm+UxEztocCZu/ztjH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d41d0217f25e2a389e667f6db1a218f1_JaffaCakes118

Files

d41d0217f25e2a389e667f6db1a218f1_JaffaCakes118
.dll windows:4 windows x86 arch:x86

46dfb7249c49b7c57ff15334ebb4ec2f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetDriveTypeA
FindNextFileA
FindFirstFileA
SetCurrentDirectoryA
Sleep
DeleteFileA
CreateThread
CompareStringW
CompareStringA
SetEndOfFile
LoadLibraryA
GetProcAddress
GetOEMCP
GetACP
IsBadCodePtr
IsBadReadPtr
HeapFree
HeapAlloc
GetTimeZoneInformation
GetSystemTime
GetLocalTime
InterlockedDecrement
InterlockedIncrement
RtlUnwind
GetCommandLineA
GetVersion
RaiseException
GetModuleHandleA
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
IsBadWritePtr
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
GetLastError
CloseHandle
WriteFile
ReadFile
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
FlushFileBuffers
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
SetFilePointer
TerminateProcess
GetCurrentProcess
HeapSize
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
SetStdHandle
CreateFileA
GetCPInfo
SetEnvironmentVariableA

shell32

DoEnvironmentSubstA

ws2_32

socket
gethostbyname
htons
getprotobyname
send
setsockopt
recv
closesocket
WSACleanup
WSAStartup
connect

Sections

.text
Size: 52KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

46dfb7249c49b7c57ff15334ebb4ec2f

Headers

File Characteristics

Imports

kernel32

shell32

ws2_32

Sections

.text Size: 52KB - Virtual size: 48KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 16KB - Virtual size: 18KB

.reloc Size: 8KB - Virtual size: 4KB

.text
Size: 52KB - Virtual size: 48KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 16KB - Virtual size: 18KB

.reloc
Size: 8KB - Virtual size: 4KB