de65591ee92fc5207f7b4f8b01ba1436_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

de65591ee92fc5207f7b4f8b01ba1436_JaffaCakes118
Size

80KB
MD5

de65591ee92fc5207f7b4f8b01ba1436
SHA1

404f357ec3de094f0fb653efd39a7c394104a7a8
SHA256

7bdd4660d292ba2e74c15f3352e74efec31b87ba20f14ea45aa93c0ffbc763f1
SHA512

2d15a9103e867e3b2600a7b3603a0b6a15446975c6367cb2bda39f2270dbcb8bb118692c6124038246169f22ecb80fa66df88f1f8d9f36cd0c0b39fc3ee53364
SSDEEP

768:jIXOzZCuoiaxttwhksC0h4paji/0EeTR8ZhWY2NNfSAu4Yc9xvTKO+J2s:jIX5uaOh14p70vSZhT2NMAHYc9xvTKd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
de65591ee92fc5207f7b4f8b01ba1436_JaffaCakes118

Files

de65591ee92fc5207f7b4f8b01ba1436_JaffaCakes118
.dll windows:4 windows x86 arch:x86

f2da2bb61948accd7a47484e8832e709

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

TerminateProcess
CloseHandle
CreateEventA
OpenEventA
Sleep
DeleteFileA
ReadFile
GetFileSize
CreateFileA
OutputDebugStringA
TerminateThread
CreateToolhelp32Snapshot
GetCurrentProcessId
SetThreadPriority
GetTickCount
GetCommandLineA
GetWindowsDirectoryA
OpenProcess
CreateThread
ExitProcess
DisableThreadLibraryCalls
VirtualAlloc
VirtualFree
MultiByteToWideChar
WriteProcessMemory
VirtualProtectEx
ReadProcessMemory
Process32Next
Process32First
VirtualFreeEx
WaitForSingleObject
CreateRemoteThread
VirtualAllocEx
SetErrorMode
GetVolumeInformationA
GetComputerNameA
GetVersionExA
GetModuleHandleA
GlobalAlloc
GlobalLock
LoadLibraryA
GetProcAddress
GlobalUnlock
GlobalFree
GetModuleFileNameA
GetCurrentProcess
IsBadReadPtr
GetCurrentThreadId
WideCharToMultiByte

user32

PostThreadMessageA
EnumWindows
CallNextHookEx
SetWindowsHookExA
ClipCursor
PostMessageA
GetMessageA
GetWindowTextA
GetInputState
GetWindowThreadProcessId
wsprintfA
GetSystemMetrics

wininet

InternetOpenA
InternetOpenUrlA
InternetCloseHandle
InternetOpenW
InternetOpenUrlW
InternetReadFile

ws2_32

inet_ntoa
getpeername

advapi32

RegFlushKey
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegDeleteKeyA
RegDeleteValueA
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey

netapi32

Netbios

iphlpapi

GetAdaptersInfo

msvcrt

strncat
_strdup
??2@YAPAXI@Z
abort
__CxxFrameHandler
strstr
atoi
strchr
sprintf
strrchr
??3@YAXPAX@Z
wcscmp
wcslen
free
_initterm
malloc
_adjust_fdiv
_stricmp
_strupr

Exports

Exports

GetFileVersionInfoA
GetFileVersionInfoSizeA
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerFindFileA
VerFindFileW
VerInstallFileA
VerInstallFileW
VerLanguageNameA
VerLanguageNameW
VerQueryValueA
VerQueryValueIndexA
VerQueryValueIndexW
VerQueryValueW

Sections

.text
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

zdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

vdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f2da2bb61948accd7a47484e8832e709

Headers

File Characteristics

Imports

kernel32

user32

wininet

ws2_32

advapi32

netapi32

iphlpapi

msvcrt

Exports

Exports

Sections

.text Size: 63KB - Virtual size: 62KB

zdata Size: 10KB - Virtual size: 10KB

vdata Size: 2KB - Virtual size: 2KB

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 63KB - Virtual size: 62KB

zdata
Size: 10KB - Virtual size: 10KB

vdata
Size: 2KB - Virtual size: 2KB

.reloc
Size: 4KB - Virtual size: 4KB