0a6b223b65029d16510ddec5555211bb_JaffaCakes118

General

Target

0a6b223b65029d16510ddec5555211bb_JaffaCakes118
Size

76KB
MD5

0a6b223b65029d16510ddec5555211bb
SHA1

f9b85ae368a76f39fc2c3d84644608d29336210d
SHA256

6c8886257bc2db886c18b526cf3843ecd4de2cdb0aedabd43db9f7a645527b92
SHA512

892ffbc600cccd4374a027e6eb0870fbfbe7a54a27511de853f9d4709c2fc7c2ba6c53067252da97d764e728c7839777c53f1ca36aebcb58596bb2cf59077154
SSDEEP

1536:LKQN5CXoiON46blj0zFUqzrbPYZD6uJmKid3mF6KKC:LNs/Uxj0hUMbPUlwKidWF6KKC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0a6b223b65029d16510ddec5555211bb_JaffaCakes118

Files

0a6b223b65029d16510ddec5555211bb_JaffaCakes118
.dll windows:5 windows x86 arch:x86

13608b0b7d0a283853814e8074d1507a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

psapi

GetModuleFileNameExA

ntdll

NtQueryInformationProcess
isspace
tolower
memset
_chkstk
_snprintf

ws2_32

WSAStartup
ioctlsocket
inet_addr
select
WSAGetLastError
setsockopt
sendto
recv
shutdown
__WSAFDIsSet
gethostbyname
send
WSASocketA
htons
closesocket
WSASetEvent
inet_ntoa
ntohs
socket

advapi32

RegCloseKey
RegEnumKeyA

kernel32

GetTempPathA
GetTempFileNameA
lstrcmpA
SetThreadPriority
ExitThread
DeleteFileA
ReadFile
GetVolumeInformationA
WriteFile
GetTickCount
lstrcpynA
SetFilePointer
CreateFileA
GetComputerNameA
VirtualProtect
VirtualQuery
HeapFree
GetVersionExA
CreateEventA
CreateMutexA
ResetEvent
GetExitCodeThread
EnterCriticalSection
SetLastError
GetLastError
LeaveCriticalSection
VirtualFree
GetSystemInfo
GetFileSize
GetCurrentThread
QueueUserAPC
DisableThreadLibraryCalls
lstrlenA
GetCurrentProcess
GetProcessHeap
InitializeCriticalSection
OpenProcess
Thread32First
Thread32Next
lstrcatA
lstrcmpiA
GetProcAddress
LoadLibraryA
OpenThread
OpenMutexA
WaitForSingleObject
GetModuleFileNameA
GetModuleHandleA
CreateToolhelp32Snapshot
DeleteCriticalSection
GetCurrentThreadId
DuplicateHandle
CloseHandle
GetCurrentProcessId
SuspendThread
ResumeThread
lstrcpyA
HeapAlloc
Sleep

user32

wsprintfA

Sections

.text
Size: 65KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 163KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

13608b0b7d0a283853814e8074d1507a

Headers

DLL Characteristics

File Characteristics

Imports

psapi

ntdll

ws2_32

advapi32

kernel32

user32

Sections

.text Size: 65KB - Virtual size: 64KB

.data Size: 6KB - Virtual size: 163KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 65KB - Virtual size: 64KB

.data
Size: 6KB - Virtual size: 163KB

.reloc
Size: 4KB - Virtual size: 3KB