fb09a3ec73c18ea72be2c353c3b429e0_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

fb09a3ec73c18ea72be2c353c3b429e0_JaffaCakes118
Size

80KB
MD5

fb09a3ec73c18ea72be2c353c3b429e0
SHA1

0fab6c31639913e9d4f2826f0dd17409ddebea87
SHA256

e53822c055b15a8e4d5a1e62c197202c4532e6a93fc40d10f889483d241176ea
SHA512

63ae7ad42e5faa0fc5998d81b8a77e18b08579f5f4a4558284d49917a459375fff0e4c637946c1a78ff81e329ad5481b40363e186a1251c133582629c5b07c29
SSDEEP

768:r12cFViETL/8CTpCEY/Wt6ntuQehuZteFOkeLGlwSeuI4diAi25t:r1fjkC9xY/pRed589TpAF5t

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fb09a3ec73c18ea72be2c353c3b429e0_JaffaCakes118

Files

fb09a3ec73c18ea72be2c353c3b429e0_JaffaCakes118
.dll windows:4 windows x86 arch:x86

e6fef9b958f1b99588ada9985b1c0f51

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalFree
GlobalAlloc
GetTickCount
lstrcpynA
GetProcAddress
LoadLibraryA
GetModuleHandleA
lstrcatA
GetSystemDirectoryA
WriteFile
SetFilePointer
CreateFileA
GetCurrentThreadId
GetLocalTime
InterlockedIncrement
lstrcpyA
ReadFile
GetEnvironmentVariableA
GetWindowsDirectoryA
FindClose
FindNextFileA
Sleep
lstrcmpA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetFileSize
GetDriveTypeA
ExitThread
SetThreadPriority
GetCurrentThread
DeleteFileA
InterlockedDecrement
InterlockedExchange
CreateThread
GetTimeZoneInformation
WritePrivateProfileStringA
GetPrivateProfileIntA
GetModuleFileNameA
ReleaseMutex
CreateMutexA
TerminateThread
SetErrorMode
WideCharToMultiByte
lstrlenA
CreateProcessA
WaitForSingleObject
FindFirstFileA
CloseHandle

user32

CharUpperA
CharLowerA
wsprintfA
CallNextHookEx
KillTimer
UnhookWindowsHookEx
wvsprintfA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegOpenKeyA
RegCloseKey

wininet

InternetOpenUrlA
InternetReadFile
InternetOpenA
InternetCloseHandle

ws2_32

recv
select
htons
sendto
socket
closesocket
gethostbyname
inet_addr
WSAStartup
gethostname
inet_ntoa
connect
ntohs
send

msvcrt

free
__mb_cur_max
malloc
_adjust_fdiv
_initterm
_isctype
_pctype
sprintf
_mbsstr
_mbsnbcpy
strcpy
strlen
__CxxFrameHandler
isxdigit
toupper
isdigit
memcpy
tolower
memset

Sections

.text
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 235KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.xdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Shared
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e6fef9b958f1b99588ada9985b1c0f51

Headers

File Characteristics

Imports

kernel32

user32

advapi32

wininet

ws2_32

msvcrt

Sections

.text Size: 44KB - Virtual size: 42KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 4KB - Virtual size: 235KB

.xdata Size: 4KB - Virtual size: 2KB

Shared Size: 16KB - Virtual size: 13KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 44KB - Virtual size: 42KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 235KB

.xdata
Size: 4KB - Virtual size: 2KB

Shared
Size: 16KB - Virtual size: 13KB

.reloc
Size: 4KB - Virtual size: 3KB