0846c6f7b3596c20a35441451b4ed224_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

0846c6f7b3596c20a35441451b4ed224_JaffaCakes118
Size

32KB
MD5

0846c6f7b3596c20a35441451b4ed224
SHA1

a24b56c05b04ebfe7694c87934c822d438f07e02
SHA256

7b69802af3a9d21c8553183a8d65864ad14e0a825981f1ad65634a97b4442295
SHA512

3b1d6629ebdfc7f2d329d95bd6d7174e4ac1a455468088ce386e72253e32ddafc1d7a2fb098ebe9e1119d4b7fdf52207b3028b9b9340ad0d3c62b25fa7bd169b
SSDEEP

192:2jiDwBbb6VkWWqEJfbgLnON9KATtjH64OVIBnMVayUdS0ezKFKhZ7Ac4FJULJwAW:c01WyLSvfOWMKU0qHhZcHccxBEO7m2j

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0846c6f7b3596c20a35441451b4ed224_JaffaCakes118

Files

0846c6f7b3596c20a35441451b4ed224_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

4cbd5139acef429c7196da06e9599490

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LocalFree
GetProcAddress
LoadLibraryA
LeaveCriticalSection
GetTickCount
EnterCriticalSection
GetModuleFileNameA
CreateDirectoryA
GetCurrentProcessId
CreateEventA
ReleaseMutex
WaitForSingleObject
FreeLibrary
HeapFree
ExpandEnvironmentStringsA
WideCharToMultiByte
LoadLibraryW
ExpandEnvironmentStringsW
HeapAlloc
HeapCreate
CloseHandle
DeleteCriticalSection
CreateMutexA
InitializeCriticalSection
VirtualQuery
GetModuleFileNameW
MultiByteToWideChar
GlobalFree
GlobalAlloc
SetEvent

user32

wsprintfA
SendMessageA
wvsprintfA

ws2_32

getsockname
listen
bind
socket
WSALookupServiceNextW
WSALookupServiceBeginW
WSALookupServiceEnd
connect
accept
WSCUnInstallNameSpace
WSCInstallNameSpace
WSAStartup
WSAEnumNameSpaceProvidersA
WSACleanup
WSCEnumProtocols
WSASetLastError
ntohs
htons
inet_ntoa
shutdown
closesocket
WSCDeinstallProvider
WSCInstallProvider
WSAGetLastError

rpcrt4

UuidCreate

msvcrt

_adjust_fdiv
malloc
_initterm
free
_itoa
wcschr
wcscpy
wcslen
wcscat
fopen
fprintf
fclose

Exports

Exports

AddPair
ClearPairs
DllMain
DllRegisterServer
DllUnregisterServer
GetAddressInfo
InitRedir
NSPStartup
RemoveAllLSP
RemovePort
SetDebug
SetProxy
WSPStartup

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

shared
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4cbd5139acef429c7196da06e9599490

Headers

File Characteristics

Imports

kernel32

user32

ws2_32

rpcrt4

msvcrt

Exports

Exports

Sections

.text Size: 12KB - Virtual size: 11KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 2KB

shared Size: 4KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 1KB

.text
Size: 12KB - Virtual size: 11KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 2KB

shared
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 1KB