de1adad37f5dfe6c3781ff7439052357_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

de1adad37f5dfe6c3781ff7439052357_JaffaCakes118
Size

27KB
MD5

de1adad37f5dfe6c3781ff7439052357
SHA1

7dd2428d400636a4a87b9c0b4588f5347f66dae4
SHA256

407a049c3fe4eda21236b30a34dc37423f602d063ccbe458bf6f6282975ca70e
SHA512

f988a14c0d7fc1efafbb638ec2cfca82b526ecc8adaaf453d5d527a93f2e1f14a9e3a8268c41ab7ecded1a9f99cdd0a4bfdca90e13950db564f670014b10449e
SSDEEP

768:9aCJ47+7Y5YTcNGPinlGSG9togNihQdS:9F466YTcIylQroaihQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
de1adad37f5dfe6c3781ff7439052357_JaffaCakes118

Files

de1adad37f5dfe6c3781ff7439052357_JaffaCakes118
.dll windows:4 windows x86 arch:x86

2fad317ce128541cde218e9a8a49ac32

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
LoadLibraryA
GlobalAlloc
GlobalFree
CreateThread
GetCurrentProcessId
CreateProcessA
FreeLibrary
MultiByteToWideChar
HeapAlloc
GetProcessHeap
RemoveDirectoryA
Sleep
GetLastError
CreateDirectoryA
DeleteFileA
GetSystemDirectoryA
CreateFileA
SetFilePointer
WriteFile
HeapFree
CloseHandle
LCMapStringA
RtlUnwind
HeapReAlloc
VirtualAlloc
GetOEMCP
GetACP
GetCPInfo
LeaveCriticalSection
EnterCriticalSection
LCMapStringW
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
GetStringTypeA
GetStringTypeW
InitializeCriticalSection

advapi32

CreateServiceA
CloseServiceHandle
RegCreateKeyExA
RegCloseKey
RegSetValueExA
OpenSCManagerA

ws2_32

socket
htons
connect
send
recv
closesocket
WSAStartup
inet_addr
gethostbyname
WSACleanup
WSCEnumProtocols
WSCInstallProvider

Exports

Exports

g_dwPid
g_szShare

Sections

.text
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ShareDat
Size: 512B - Virtual size: 264B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2fad317ce128541cde218e9a8a49ac32

Headers

File Characteristics

Imports

kernel32

advapi32

ws2_32

Exports

Exports

Sections

.text Size: 17KB - Virtual size: 17KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 3KB - Virtual size: 4KB

ShareDat Size: 512B - Virtual size: 264B

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 17KB - Virtual size: 17KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 3KB - Virtual size: 4KB

ShareDat
Size: 512B - Virtual size: 264B

.reloc
Size: 2KB - Virtual size: 1KB