dca295acf9151ab8ba449e014b0b3cc9_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

dca295acf9151ab8ba449e014b0b3cc9_JaffaCakes118
Size

97KB
MD5

dca295acf9151ab8ba449e014b0b3cc9
SHA1

70ffcd4280cc770eecfc7b60df8d0f0bf90d9b02
SHA256

50f857d54a20219a422f545a22fb1edfa486dcf582581e2b6122358da0a3a366
SHA512

fc3b5b251d07d8a84df93c788dcf2f8fa0442bad72b83d26948aa89b97dd455a9687c99c2d2b317576c746a479a0498c174fdbeff0479a4610a043b5dc32d1a2
SSDEEP

1536:ssJsGXP+v02HYaHithLAH6qzFnToIfmP17K4GKZUfNfo:XJsGXmv024aHitUdztTBfmPZK4G0Uflo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dca295acf9151ab8ba449e014b0b3cc9_JaffaCakes118

Files

dca295acf9151ab8ba449e014b0b3cc9_JaffaCakes118
.dll windows:4 windows x86 arch:x86

f26959cdc5577dbb0e027d447f2716ed

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

WSAGetLastError
recv
send
inet_addr
gethostbyname
connect
htons
shutdown
closesocket
socket
setsockopt
WSACleanup
WSAStartup

mfc42

ord6928
ord537
ord1168
ord825
ord800
ord823
ord1253
ord2405
ord342
ord668
ord1182
ord1980
ord2770
ord356
ord3573
ord3626
ord2414
ord1641
ord3663
ord3571
ord3619
ord5785
ord1640
ord354
ord5186
ord6385
ord1979
ord665
ord323

msvcrt

_adjust_fdiv
_initterm
_onexit
__dllonexit
_purecall
wcslen
_except_handler3
malloc
free
__CxxFrameHandler
_strlwr
atol
sprintf
strncpy
memcpy
_stricmp

kernel32

GetCurrentProcess
FlushInstructionCache
SetLastError
GetLastError
GetCurrentProcessId
VirtualQuery
VirtualProtect
WideCharToMultiByte
GetModuleFileNameA
GetSystemDirectoryA
CreateDirectoryA
LoadLibraryA
CopyFileA
Sleep
DeleteFileA
FindResourceA
LoadResource
SizeofResource
CreateFileA
WriteFile
CreateProcessA
WaitForSingleObject
CloseHandle
GetModuleHandleA
GetProcAddress

user32

FillRect

gdi32

Rectangle
CreateSolidBrush
TextOutW
CreateFontA
CreateDIBSection
CreateCompatibleDC
CreateDCA

winspool.drv

GetJobA
GetPrinterA

advapi32

RegCloseKey
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
OpenServiceA
OpenSCManagerA
CloseServiceHandle
QueryServiceStatus
StartServiceA
RegQueryValueExA

Sections

.text
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 196KB - Virtual size: 192KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f26959cdc5577dbb0e027d447f2716ed

Headers

File Characteristics

Imports

ws2_32

mfc42

msvcrt

kernel32

user32

gdi32

winspool.drv

advapi32

Sections

.text Size: 40KB - Virtual size: 37KB

.rdata Size: 20KB - Virtual size: 17KB

.data Size: 8KB - Virtual size: 7KB

.rsrc Size: 196KB - Virtual size: 192KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 40KB - Virtual size: 37KB

.rdata
Size: 20KB - Virtual size: 17KB

.data
Size: 8KB - Virtual size: 7KB

.rsrc
Size: 196KB - Virtual size: 192KB

.reloc
Size: 4KB - Virtual size: 3KB