dd3d4bf4857c7152e49376a7402d54fc_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

dd3d4bf4857c7152e49376a7402d54fc_JaffaCakes118
Size

240KB
MD5

dd3d4bf4857c7152e49376a7402d54fc
SHA1

ee31b036b6267f00131e90b2ec16d1a201aea6cc
SHA256

e72481071199cdf74297280500563a3c5d47a295fd8ef556c4e681a62b68637a
SHA512

40aec904bc23d84fb844ff879e3e694a1342fe20b28be5461ac018e44cf3f16a0c2eb6295b03486ecc883cfd512133037bc873a653503c454be194389ecfcbc6
SSDEEP

6144:tN3Yq4ZpAPeB0fkMzgGHhUN3Yq4ZpAPeB0fkMzgGHh:tiAWB0sIhUiAWB0sIh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dd3d4bf4857c7152e49376a7402d54fc_JaffaCakes118

Files

dd3d4bf4857c7152e49376a7402d54fc_JaffaCakes118
.dll windows:4 windows x86 arch:x86

018503ab46c8f1647559830ae95f06fe

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_CxxThrowException
sscanf
isdigit
strtol
??1type_info@@UAE@XZ
strncat
_onexit
_initterm
_adjust_fdiv
realloc
memmove
toupper
tolower
strtok
memcmp
strcpy
strrchr
_strnicmp
strstr
rand
printf
atol
atoi
_strlwr
strchr
strcat
_stricmp
strcmp
memset
malloc
fopen
free
fclose
fgets
strncpy
clock
srand
abs
time
localtime
sprintf
fprintf
vsprintf
strlen
_EH_prolog
__CxxFrameHandler
memcpy
??3@YAXPAX@Z
??2@YAPAXI@Z
__dllonexit

wsock32

recv
WSACleanup
WSAStartup
select
closesocket
htons
getservbyname
send
gethostname
ioctlsocket
gethostbyname
socket
connect
WSAGetLastError
inet_ntoa
getsockopt
ntohl
htonl
setsockopt

kernel32

GetLastError
OpenFile
_lclose
GetStdHandle
WriteFile
ReadFile
GetFileSize
GetFileType
CreateFileA
CloseHandle
GetVersionExA
lstrcpyA
GetCurrentProcessId
GetSystemTimeAsFileTime
GetTimeZoneInformation
GetLocalTime
GetProcAddress
FreeLibrary
LoadLibraryA
GetModuleHandleA
lstrcmpA
GetEnvironmentVariableA
lstrcmpiA
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
Sleep
lstrlenA
lstrcatA

user32

wsprintfA
CharNextA

advapi32

RegEnumValueA
RegDeleteValueA
RegOpenKeyExA
RegEnumKeyExA
RegDeleteKeyA
RegCloseKey
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA

Exports

Exports

Blat
Send
SetPrintFunc
cSend

Sections

.text
Size: 71KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

018503ab46c8f1647559830ae95f06fe

Headers

File Characteristics

Imports

msvcrt

wsock32

kernel32

user32

advapi32

Exports

Exports

Sections

.text Size: 71KB - Virtual size: 70KB

.rdata Size: 31KB - Virtual size: 31KB

.data Size: 7KB - Virtual size: 40KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 7KB - Virtual size: 7KB

.text
Size: 71KB - Virtual size: 70KB

.rdata
Size: 31KB - Virtual size: 31KB

.data
Size: 7KB - Virtual size: 40KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 7KB - Virtual size: 7KB