f6d68b028cce993c07a08ddfcbad660a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f6d68b028cce993c07a08ddfcbad660a_JaffaCakes118
Size

32KB
MD5

f6d68b028cce993c07a08ddfcbad660a
SHA1

27fda02cf3c5eda7d038fc139c2a9970414f694b
SHA256

dc4272833cac156c8531b7b5e379674b848241e859840a780b76ae54ace7325d
SHA512

96d58aaea50545fa28bc34df79829d94f25a9ec720f2b1459f145514b3ad08c1e23e845fd8a3edaa044a833d8b1976731421e344edc4903dd09b59dce86f553a
SSDEEP

768:qySXyRedYsWYfzl7Y74boaAlHNa+sZYO:qySXyRee3Yfzlu4oHNaxY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f6d68b028cce993c07a08ddfcbad660a_JaffaCakes118

Files

f6d68b028cce993c07a08ddfcbad660a_JaffaCakes118
.dll windows:4 windows x86 arch:x86

738370375fff90d73e22a5c9c81321f9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

gethostbyname
inet_ntoa
ntohl
recv
socket
inet_addr
htons
connect
send
closesocket

mfc42

ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord2976
ord2725
ord3953
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord1116
ord2982
ord5714
ord5289
ord269
ord826
ord600
ord1578
ord6467
ord1255
ord5307
ord4698
ord4079
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord825
ord1253
ord1570
ord1197
ord1243
ord342
ord1182
ord1577
ord1168
ord1575
ord1176
ord815

msvcrt

??1type_info@@UAE@XZ
_adjust_fdiv
malloc
_initterm
free
_onexit
__dllonexit
??2@YAPAXI@Z
__CxxFrameHandler
_strlwr
strncpy
strncmp
memchr
strstr
sprintf
strcat
strcpy
strchr
strlen
memcpy
atoi

kernel32

GlobalFree
ExitProcess
SetFileAttributesA
CreateFileA
GetFileSize
ReadFile
DeleteFileA
GetModuleHandleA
WriteFile
GetCurrentProcess
WriteProcessMemory
CloseHandle
CreateToolhelp32Snapshot
Sleep
CreateThread
LocalFree
GlobalAlloc
LocalAlloc
GetTickCount
GetModuleFileNameA
VirtualQuery
Process32Next
TerminateProcess
DuplicateHandle
OpenProcess
GetProcAddress
Process32First

user32

SetWindowsHookExA
PeekMessageA
TranslateMessage
DispatchMessageA
KillTimer
GetWindowTextA
ScreenToClient
CallNextHookEx
SetTimer
GetForegroundWindow
GetDC
ReleaseDC

gdi32

GetObjectA
GetTextExtentExPointA
GetPixel
DeleteDC
DeleteObject
BitBlt
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
GetDIBits

Exports

Exports

Hook

Sections

.text
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

738370375fff90d73e22a5c9c81321f9

Headers

File Characteristics

Imports

ws2_32

mfc42

msvcrt

kernel32

user32

gdi32

Exports

Exports

Sections

.text Size: 16KB - Virtual size: 14KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 27KB

.reloc Size: 4KB - Virtual size: 1KB

.text
Size: 16KB - Virtual size: 14KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 27KB

.reloc
Size: 4KB - Virtual size: 1KB