fa88066e4c5cb4faeb55dcaf03e6e861_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

fa88066e4c5cb4faeb55dcaf03e6e861_JaffaCakes118
Size

208KB
MD5

fa88066e4c5cb4faeb55dcaf03e6e861
SHA1

d6be15df30e2c0b3e3630d17b3c9edf58736cef4
SHA256

8ca9ea7c1d814f3165e94a418f613ab4096d1fe984b2737a2d3d79819f2bbada
SHA512

b73c52e3bf0aa863f1b51d0f3c0451d63eaeda0c25bad06b11496595683dfd5752e29e0929b3a5594516b42ba570d63bb93f520c7905be84eaa78040d79ba193
SSDEEP

3072:llze6Otp/Vj9Aawldqq9cp6SyAMiUUzewvknz4k/lbSzCjtcH:H2/V9nwvSWUiwMJlbri

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fa88066e4c5cb4faeb55dcaf03e6e861_JaffaCakes118

Files

fa88066e4c5cb4faeb55dcaf03e6e861_JaffaCakes118
.dll windows:4 windows x86 arch:x86

5bf549acc72df7b0f7953f6ec2748772

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

WSAStartup
gethostname
send
inet_ntoa
getsockopt
setsockopt
ioctlsocket
connect
shutdown
gethostbyname
inet_addr
sendto
socket
htons
select
recv
ntohs
closesocket

user32

wsprintfA

kernel32

WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
SetStdHandle
SetFilePointer
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetTickCount
LocalAlloc
LocalFree
LocalSize
Sleep
HeapFree
HeapAlloc
GetProcessHeap
lstrcpynA
GetProcAddress
CreateFileA
GetModuleHandleA
GlobalAlloc
GlobalFree
GetLastError
SystemTimeToFileTime
GetSystemTime
lstrlenA
GetTimeFormatA
GetDateFormatA
GetTimeZoneInformation
GetLocalTime
GetFileAttributesA
LeaveCriticalSection
EnterCriticalSection
CloseHandle
CreateThread
DeleteFileA
ExpandEnvironmentStringsA
GetExitCodeThread
lstrcatA
lstrcpyA
ExitProcess
InitializeCriticalSection
ReadFile
GetLocaleInfoW
SetEndOfFile
LoadLibraryA
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
WideCharToMultiByte
InterlockedExchange
MultiByteToWideChar
RtlUnwind
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
GetCurrentThreadId
GetCommandLineA
GetVersionExA
LCMapStringA
LCMapStringW
GetCPInfo
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
WriteFile
GetConsoleCP
GetConsoleMode
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
HeapSize
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetACP
GetOEMCP
IsValidCodePage

advapi32

RegDeleteValueA
RegDeleteKeyA
RegOpenKeyExA
RegCreateKeyExA
RegQueryValueExA
RegCloseKey
RegSetValueExA

Exports

Exports

DispatchCommand
DispatchEvent

Sections

.text
Size: 160KB - Virtual size: 156KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5bf549acc72df7b0f7953f6ec2748772

Headers

File Characteristics

Imports

ws2_32

user32

kernel32

advapi32

Exports

Exports

Sections

.text Size: 160KB - Virtual size: 156KB

.rdata Size: 24KB - Virtual size: 22KB

.data Size: 8KB - Virtual size: 26KB

.reloc Size: 12KB - Virtual size: 9KB

.text
Size: 160KB - Virtual size: 156KB

.rdata
Size: 24KB - Virtual size: 22KB

.data
Size: 8KB - Virtual size: 26KB

.reloc
Size: 12KB - Virtual size: 9KB