fbd92a8f2a2fe18f58b6985d6d2fc0fc_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

fbd92a8f2a2fe18f58b6985d6d2fc0fc_JaffaCakes118
Size

100KB
MD5

fbd92a8f2a2fe18f58b6985d6d2fc0fc
SHA1

b12161c66b8a9ad1b84acacd20f5af643e455c77
SHA256

8eabedb5a5b8cf22a1abd02c34f9372b8f73e95c871f64994a02aa5eb9d83d64
SHA512

4dc155023968482146bcbf19964581fbdade5527b1c366e07c4652ca6e83752186220d49ea25be6f72e94c032ef7967847582ec7a39599f052d18b63999c835c
SSDEEP

1536:s9bPzC+GC/er2S4B1Ay2XtxCTj7fyiqpeBKIVLRl/4:WLCDG+2FB1AyABMVLRl/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fbd92a8f2a2fe18f58b6985d6d2fc0fc_JaffaCakes118

Files

fbd92a8f2a2fe18f58b6985d6d2fc0fc_JaffaCakes118
.dll windows:4 windows x86 arch:x86

1a11c1a03b2166a55603d1fc45d9da38

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateThread
GetTickCount
GetTempPathA
lstrlenW
WideCharToMultiByte
CloseHandle
GetCurrentProcess
GetModuleFileNameA
DeleteFileA
GetFileAttributesA
GetLocalTime
SetEndOfFile
Sleep
GetVersionExA
GetModuleHandleA
GetProcAddress
GetSystemInfo
lstrcmpiA
LoadLibraryA
LCMapStringW
LCMapStringA
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
CreateFileA
ReadFile
FlushFileBuffers
SetStdHandle
GetStringTypeW
GetStringTypeA
MultiByteToWideChar
InterlockedIncrement
InterlockedDecrement
SetFilePointer
IsBadWritePtr
RtlUnwind
GetCommandLineA
GetVersion
HeapAlloc
HeapFree
EnterCriticalSection
LeaveCriticalSection
GetLastError
InitializeCriticalSection
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetCPInfo
GetACP
GetOEMCP
ExitProcess
TerminateProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
WriteFile
VirtualAlloc
HeapReAlloc

user32

GetSystemMetrics
CallNextHookEx
DispatchMessageA
TranslateMessage
GetMessageA
SetTimer
SetWindowsHookExA
CharLowerA
wsprintfA
GetWindowThreadProcessId

advapi32

OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegOpenKeyExA
RegCloseKey
RegSetValueExA

ole32

CoInitialize
CoCreateInstance

oleaut32

VariantClear
SysFreeString

ws2_32

setsockopt
sendto
recvfrom
gethostbyname
WSAStartup
connect
htons
inet_addr
socket
closesocket
recv
send

Exports

Exports

AR
D_2010
GetVer
z

Sections

.text
Size: 64KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 880B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1a11c1a03b2166a55603d1fc45d9da38

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

ws2_32

Exports

Exports

Sections

.text Size: 64KB - Virtual size: 61KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 12KB - Virtual size: 38KB

.rsrc Size: 4KB - Virtual size: 880B

.reloc Size: 8KB - Virtual size: 4KB

.text
Size: 64KB - Virtual size: 61KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 12KB - Virtual size: 38KB

.rsrc
Size: 4KB - Virtual size: 880B

.reloc
Size: 8KB - Virtual size: 4KB