17ba1385a77fcb67d4060d647176bba4_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

17ba1385a77fcb67d4060d647176bba4_JaffaCakes118
Size

133KB
MD5

17ba1385a77fcb67d4060d647176bba4
SHA1

e2db26639322d5ddcd080ec1d5c03c44ff2efb38
SHA256

b93da39947736070ead541d0973e723a4241bb672fac7fd09c30d06644f9069d
SHA512

9117921d97547815442fab7d8448c08c1857f448488d68bbd524ee5103da9ccf8f7e55de068c8dd7d390053eddc6ca4b439c26b2ef06b99e7e98171c5cc2dc0d
SSDEEP

3072:ZbpCrqT8+7cNnw6wOOPdYSHkVqsgD/lqqvQWUzlo5l:Rpi08+7cN0XHLsgDsvzq5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
17ba1385a77fcb67d4060d647176bba4_JaffaCakes118

Files

17ba1385a77fcb67d4060d647176bba4_JaffaCakes118
.dll windows:5 windows x86 arch:x86

f71fa1a7cf46b2f1fe836d87d01a7c2c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

WSASetLastError
getservbyport
ntohs
gethostbyaddr
getservbyname
htons
inet_addr
WSAGetLastError
htonl
inet_ntoa
socket
connect
sendto
closesocket
setsockopt
send
gethostbyname
WSAStartup
gethostname
WSACleanup

kernel32

WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
ReadFile
GetProcessHeap
SetEndOfFile
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
SetFilePointer
FlushFileBuffers
GetConsoleMode
GetConsoleCP
SetEnvironmentVariableA
CompareStringW
HeapDestroy
Sleep
CreateProcessA
GetStdHandle
CloseHandle
DuplicateHandle
GetCurrentProcess
CreatePipe
GetConsoleScreenBufferInfo
CreateFileA
GetFileAttributesA
DeleteFileA
GetProcAddress
LoadLibraryA
FreeLibrary
GetTickCount
SetLastError
GetSystemDirectoryA
RtlUnwind
GetLastError
HeapFree
HeapAlloc
GetCurrentProcessId
EnterCriticalSection
LeaveCriticalSection
GetCurrentThreadId
GetCommandLineA
HeapReAlloc
SetStdHandle
GetFileType
HeapCreate
VirtualFree
DeleteCriticalSection
VirtualAlloc
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
ExitProcess
WriteFile
GetModuleFileNameA
RaiseException
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
WideCharToMultiByte
SetHandleCount
GetStartupInfoA
GetModuleHandleA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
MultiByteToWideChar
LCMapStringW
InitializeCriticalSectionAndSpinCount
HeapSize
CompareStringA

Exports

Exports

DspyImageClose
DspyImageData
DspyImageOpen
DspyImageQuery

Sections

.text
Size: 97KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text1
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 512B - Virtual size: 240B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f71fa1a7cf46b2f1fe836d87d01a7c2c

Headers

File Characteristics

Imports

ws2_32

kernel32

Exports

Exports

Sections

.text Size: 97KB - Virtual size: 96KB

.text1 Size: 512B - Virtual size: 32B

.rdata Size: 16KB - Virtual size: 15KB

.data Size: 8KB - Virtual size: 17KB

.data1 Size: 512B - Virtual size: 240B

.reloc Size: 10KB - Virtual size: 9KB

.text
Size: 97KB - Virtual size: 96KB

.text1
Size: 512B - Virtual size: 32B

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 8KB - Virtual size: 17KB

.data1
Size: 512B - Virtual size: 240B

.reloc
Size: 10KB - Virtual size: 9KB