0b55116f41770b46fbdcaebb1ce71035_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0b55116f41770b46fbdcaebb1ce71035_JaffaCakes118
Size

128KB
MD5

0b55116f41770b46fbdcaebb1ce71035
SHA1

993011e44408cad6ce599520eb06696cd5e49d40
SHA256

93bd6432a9f72f7fb99e702243ef8117840c8bbf0931abe4e4585afca266f736
SHA512

8704bf58999c29fbb7e08a527b5abf016ed69ff61d3cf24dd1f0519759cde612e9eca36e8b4844b493fa59f4a6516b6c807e2191ddb3048779922e1ca0bc39ef
SSDEEP

3072:CRsPGVIDD/kCjHhaND+no3hZax3ll2hXQ:CRJqDTkeaNDu6ja1m5Q

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0b55116f41770b46fbdcaebb1ce71035_JaffaCakes118

Files

0b55116f41770b46fbdcaebb1ce71035_JaffaCakes118
.dll windows:4 windows x86 arch:x86

fdb2e293c602ae2ae20692ea04cea013

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wtsapi32

WTSEnumerateProcessesA

kernel32

GetFileSize
CreateFileA
CreateFileMappingA
OpenFileMappingA
GetCurrentProcessId
CreateThread
GetModuleFileNameA
GetComputerNameA
GetLocalTime
UnmapViewOfFile
MapViewOfFile
CloseHandle
WriteFile
DeleteFileA
FindClose
FindNextFileA
FindFirstFileA
GetDriveTypeA
ReadFile
SetFilePointer
LockFile
GetSystemDirectoryA
CreateDirectoryA
GetWindowsDirectoryA
TerminateProcess
CreateProcessA
GetFileAttributesA
ReleaseMutex
WaitForSingleObject
SetFileTime
GetFileTime
GetVersion
FileTimeToSystemTime
GetFileInformationByHandle
SystemTimeToFileTime
GetTickCount
HeapSize
SetEndOfFile
Sleep
ExitThread
LoadLibraryA
GetProcAddress
CompareStringW
GetLastError
SetEnvironmentVariableA
GetLocaleInfoA
GetSystemInfo
VirtualProtect
GetTimeZoneInformation
GetStringTypeW
CompareStringA
GetStringTypeA
FlushFileBuffers
SetStdHandle
VirtualQuery
InterlockedExchange
IsBadCodePtr
IsBadReadPtr
RtlUnwind
ExitProcess
HeapFree
HeapAlloc
FileTimeToLocalFileTime
GetCommandLineA
GetVersionExA
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
GetModuleHandleA
GetCurrentProcess
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
IsBadWritePtr
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetACP
GetOEMCP
GetCPInfo
GetFullPathNameA
GetCurrentDirectoryA
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter

user32

GetDesktopWindow

advapi32

RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
LookupAccountSidA
RegCreateKeyExA

wininet

DeleteUrlCacheEntry

ws2_32

listen
accept
ntohs
recv
send
closesocket
WSAStartup
bind
socket
__WSAFDIsSet
select

Sections

.text
Size: 84KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.plugins
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fdb2e293c602ae2ae20692ea04cea013

Headers

File Characteristics

Imports

wtsapi32

kernel32

user32

advapi32

wininet

ws2_32

Sections

.text Size: 84KB - Virtual size: 80KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 12KB - Virtual size: 17KB

.plugins Size: 4KB - Virtual size: 2KB

.rsrc Size: 4KB - Virtual size: 16B

.reloc Size: 8KB - Virtual size: 4KB

.text
Size: 84KB - Virtual size: 80KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 12KB - Virtual size: 17KB

.plugins
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 16B

.reloc
Size: 8KB - Virtual size: 4KB