044a8c5faacae75f296b9898c6729090_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

044a8c5faacae75f296b9898c6729090_JaffaCakes118
Size

692KB
MD5

044a8c5faacae75f296b9898c6729090
SHA1

a07fbe8018ab70707d5823a34f9ae3924d227a2e
SHA256

3292350ca2833ddc0cc15e3ee0b76f4a0948f12c6b76e67673b8bdba8f01c27d
SHA512

6d41a72947f8b88733b1ee5dc9960e8ed8d753034c867fe2d1b3b9d4b1b723c769be5616a5a8860f871f1d03c1ed2b60c2f6f174218fbb2b140502e80c202323
SSDEEP

6144:ftK6xjZq51vFV/suNjtIqJRrJk2ULe17eHwduyptfv3gIKMvv3ztK:3x90NbhjtTi2FXptLBfztK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
044a8c5faacae75f296b9898c6729090_JaffaCakes118

Files

044a8c5faacae75f296b9898c6729090_JaffaCakes118
.dll windows:4 windows x86 arch:x86

c4c7516e29d73107fc8e010f154acb09

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wsock32

WSASetLastError
connect
getsockopt
__WSAFDIsSet
socket
setsockopt
htons
inet_ntoa
shutdown
closesocket
accept
ioctlsocket
gethostbyname
WSAStartup
recv
select
WSAGetLastError
send

kernel32

FileTimeToSystemTime
FileTimeToLocalFileTime
GetLastError
FormatMessageA
FindClose
FindFirstFileA
SetLastError
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetCurrentProcessId
GlobalMemoryStatus
CloseHandle
FreeLibrary
GetProcAddress
LoadLibraryA
GetVersionExA
FlushConsoleInputBuffer
GetStdHandle
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
InterlockedExchange
GetACP
GetLocaleInfoA
MultiByteToWideChar
WideCharToMultiByte
RaiseException
CompareStringA
CompareStringW
GetDriveTypeA
CreateFileA
GetCurrentDirectoryA
GetFullPathNameA
InterlockedDecrement
InterlockedIncrement
RtlUnwind
HeapFree
ExitProcess
HeapAlloc
GetCommandLineA
GetSystemTimeAsFileTime
HeapReAlloc
SetConsoleCtrlHandler
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
LCMapStringA
LCMapStringW
GetCPInfo
TlsAlloc
TlsFree
TlsSetValue
TlsGetValue
GetModuleHandleA
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
SetUnhandledExceptionFilter
GetModuleFileNameA
TerminateProcess
GetCurrentProcess
HeapSize
GetTimeZoneInformation
SetHandleCount
GetFileType
GetStartupInfoA
SetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
UnhandledExceptionFilter
WriteFile
ReadFile
FlushFileBuffers
SetFilePointer
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
IsBadReadPtr
IsBadCodePtr
GetOEMCP
SetEnvironmentVariableA
GetLocaleInfoW
SetEndOfFile
GetProcessHeap
ReadConsoleInputA
SetConsoleMode
GetConsoleMode

Exports

Exports

fnpCommsCancelPolling
fnpCommsCloseContext
fnpCommsGetFault
fnpCommsGetLastError
fnpCommsGetPollInterval
fnpCommsGetRecvData
fnpCommsGetStatus
fnpCommsOpenContext
fnpCommsPollForResponse
fnpCommsReceiveResponse
fnpCommsSendRequest

Sections

.text
Size: 467KB - Virtual size: 468KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 127KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 55KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c4c7516e29d73107fc8e010f154acb09

Headers

File Characteristics

Imports

wsock32

kernel32

Exports

Exports

Sections

.text Size: 467KB - Virtual size: 468KB

.rdata Size: 127KB - Virtual size: 126KB

.data Size: 55KB - Virtual size: 70KB

.reloc Size: 41KB - Virtual size: 41KB

.text
Size: 467KB - Virtual size: 468KB

.rdata
Size: 127KB - Virtual size: 126KB

.data
Size: 55KB - Virtual size: 70KB

.reloc
Size: 41KB - Virtual size: 41KB