fc77956ff905e633555758f47cf1c407_JaffaCakes118

General

Target

fc77956ff905e633555758f47cf1c407_JaffaCakes118
Size

12KB
MD5

fc77956ff905e633555758f47cf1c407
SHA1

2487965bf69f59c2fab50c42b06cc4577c01ff31
SHA256

456d689c62e133d4e4cc0213a46f9302b89f724d00c6746317d49f706a3c0d7f
SHA512

f19d57ddc0ed0440b1d291465fce585f1a9d35abc56d73412c61fd2eea35280a30a327ffca0b751145f2ee713a7d022d7c5110b29a7706f3fb073947c1964211
SSDEEP

192:29VH5M8WrXGx9B4Ll5VM0FRjnc+oohaAiA5YRh/NZbqZqCoaxR:8H5gb04LrPZnc/ohxYRRNZOVoa

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fc77956ff905e633555758f47cf1c407_JaffaCakes118

Files

fc77956ff905e633555758f47cf1c407_JaffaCakes118
.dll windows:4 windows x86 arch:x86

d47d8907625212284bd11776ce49c469

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateThread
GetOEMCP
CreateProcessW
GetSystemDirectoryW
GetStartupInfoW
CreatePipe
Process32NextW
Process32FirstW
WriteFile
GetLastError
MoveFileExA
GetTickCount
GetVersionExW
WideCharToMultiByte
DeleteFileW
CreateFileW
CloseHandle
Sleep
PeekNamedPipe
ReadFile
CreateToolhelp32Snapshot
MultiByteToWideChar

user32

PostThreadMessageW
wsprintfW
GetMessageW

advapi32

RegCloseKey
RegOpenKeyA
RegDeleteValueA
RegOpenKeyExA
RegQueryValueExA

shell32

ShellExecuteW

ws2_32

gethostname
gethostbyname
inet_ntoa
send
connect
htons
socket
WSAStartup
recv
closesocket

wininet

InternetOpenUrlA
InternetOpenA
InternetCloseHandle
HttpQueryInfoW

msvcrt

_adjust_fdiv
malloc
_initterm
free
strstr
strncmp
atoi
strchr
wcslen
strncat
sprintf
_wtoi
printf
_except_handler3
wcscat
exit
??2@YAPAXI@Z
??3@YAXPAX@Z

Exports

Exports

run

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 754B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d47d8907625212284bd11776ce49c469

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ws2_32

wininet

msvcrt

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 1024B - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 754B

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 1024B - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 754B