06ed2ace3f5d0cdeb057dcf68e0cacd0_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

06ed2ace3f5d0cdeb057dcf68e0cacd0_JaffaCakes118
Size

692KB
MD5

06ed2ace3f5d0cdeb057dcf68e0cacd0
SHA1

636caa9ab11f6433e428cbf5b1d45555f4c15eff
SHA256

8024d224f62b442b265557d0b84d6a939e501350eabbb7f381c165aa3cf1aa78
SHA512

c95c8f4334e445e618eefa6ea75a8c0cc3d2c4f99cfac484bc9994e99075be26283132e4e2b82490e17245420bde5332b041bf5f5d9af72b35fe5a105d3cb7bb
SSDEEP

6144:1lj0LjXRBxGE4rMndox6DoNjd94s+ULe17eHwduyptfv3gIKMvv3ztK:1lABjGE4rwfDAr4rFXptLBfztK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
06ed2ace3f5d0cdeb057dcf68e0cacd0_JaffaCakes118

Files

06ed2ace3f5d0cdeb057dcf68e0cacd0_JaffaCakes118
.dll windows:4 windows x86 arch:x86

c4c7516e29d73107fc8e010f154acb09

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wsock32

WSASetLastError
connect
getsockopt
__WSAFDIsSet
socket
setsockopt
htons
inet_ntoa
shutdown
closesocket
accept
ioctlsocket
gethostbyname
WSAStartup
recv
select
WSAGetLastError
send

kernel32

FileTimeToSystemTime
FileTimeToLocalFileTime
GetLastError
FormatMessageA
FindClose
FindFirstFileA
SetLastError
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetCurrentProcessId
GlobalMemoryStatus
CloseHandle
FreeLibrary
GetProcAddress
LoadLibraryA
GetVersionExA
FlushConsoleInputBuffer
GetStdHandle
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
InterlockedExchange
GetACP
GetLocaleInfoA
MultiByteToWideChar
WideCharToMultiByte
RaiseException
CompareStringA
CompareStringW
GetDriveTypeA
CreateFileA
GetCurrentDirectoryA
GetFullPathNameA
InterlockedDecrement
InterlockedIncrement
RtlUnwind
HeapFree
ExitProcess
HeapAlloc
GetCommandLineA
GetSystemTimeAsFileTime
HeapReAlloc
SetConsoleCtrlHandler
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
LCMapStringA
LCMapStringW
GetCPInfo
TlsAlloc
TlsFree
TlsSetValue
TlsGetValue
GetModuleHandleA
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
SetUnhandledExceptionFilter
GetModuleFileNameA
TerminateProcess
GetCurrentProcess
HeapSize
GetTimeZoneInformation
SetHandleCount
GetFileType
GetStartupInfoA
SetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
UnhandledExceptionFilter
WriteFile
ReadFile
FlushFileBuffers
SetFilePointer
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
IsBadReadPtr
IsBadCodePtr
GetOEMCP
SetEnvironmentVariableA
GetLocaleInfoW
SetEndOfFile
GetProcessHeap
ReadConsoleInputA
SetConsoleMode
GetConsoleMode

Exports

Exports

fnpCommsCancelPolling
fnpCommsCloseContext
fnpCommsGetFault
fnpCommsGetLastError
fnpCommsGetPollInterval
fnpCommsGetRecvData
fnpCommsGetStatus
fnpCommsOpenContext
fnpCommsPollForResponse
fnpCommsReceiveResponse
fnpCommsSendRequest

Sections

.text
Size: 467KB - Virtual size: 468KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 127KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 55KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c4c7516e29d73107fc8e010f154acb09

Headers

File Characteristics

Imports

wsock32

kernel32

Exports

Exports

Sections

.text Size: 467KB - Virtual size: 468KB

.rdata Size: 127KB - Virtual size: 126KB

.data Size: 55KB - Virtual size: 70KB

.reloc Size: 41KB - Virtual size: 41KB

.text
Size: 467KB - Virtual size: 468KB

.rdata
Size: 127KB - Virtual size: 126KB

.data
Size: 55KB - Virtual size: 70KB

.reloc
Size: 41KB - Virtual size: 41KB