3c36a49607bc6999e9a639c6f9df3163_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3c36a49607bc6999e9a639c6f9df3163_JaffaCakes118
Size

35KB
MD5

3c36a49607bc6999e9a639c6f9df3163
SHA1

a47132b54b9e378d41fc25e9e0194cec84d53576
SHA256

d9ff7b90d1a85440eb82804640fd71a5036a42318cffee9b87bdc720e676b07a
SHA512

3918694bcf48f7ef3edefbd8ece9038ec4846cde201b85579a9fc4a7a70b18b4742bbe1045c98a7567767df57f5be1c56872f5f97f0f7e39bdcec65608a86d35
SSDEEP

768:3zJnWgwvMQCWmkagBs586DPvVi2JT7wwsAc:33IHmkJBQ86Ldi2JT9sF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3c36a49607bc6999e9a639c6f9df3163_JaffaCakes118

Files

3c36a49607bc6999e9a639c6f9df3163_JaffaCakes118
.dll windows:4 windows x86 arch:x86

07b09338b2fff65622356aad89605d1e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

HeapAlloc
lstrlenA
ReadFile
WriteFile
GetTickCount
CreateFileA
SetLastError
SetFilePointer
CloseHandle
GetFileSize
HeapReAlloc
LeaveCriticalSection
EnterCriticalSection
SetFileTime
DeleteFileA
MultiByteToWideChar
lstrcatA
HeapDestroy
FindClose
FindNextFileA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
SystemTimeToTzSpecificLocalTime
GetSystemTime
HeapFree
FindFirstFileA
GetFullPathNameA
GetFileTime
GetFileAttributesA
GetDriveTypeA
GetLogicalDriveStringsA
SetEndOfFile
Sleep
ReleaseMutex
CreateMutexA
TerminateThread
SystemTimeToFileTime
SetCurrentDirectoryA
GetSystemDirectoryA
lstrcmpA
HeapSize
Process32Next
Process32First
CreateToolhelp32Snapshot
CreateProcessA
TerminateProcess
OpenProcess
lstrlenW
LocalFree
CreateThread
HeapCreate
InitializeCriticalSection
LoadLibraryA
WaitForSingleObject
FreeLibrary
DeleteCriticalSection
GetProcAddress
FileTimeToSystemTime
GetLastError

user32

wvsprintfA
CharUpperA

advapi32

RegEnumValueA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegQueryInfoKeyA
RegDeleteValueA
RegEnumKeyExA

ole32

CoInitialize
CoTaskMemFree

ws2_32

htons
connect
closesocket
socket
send
gethostbyname
inet_ntoa
WSAStartup
WSACleanup
recv
inet_addr
WSAGetLastError

shlwapi

StrDupA
StrToIntExA
StrToIntA

mpr

WNetCloseEnum
WNetOpenEnumA
WNetEnumResourceA

msvcrt

malloc
_initterm
free
isalpha
strstr
vsprintf
_local_unwind2
_except_handler3
_adjust_fdiv
??2@YAPAXI@Z
??3@YAXPAX@Z
sprintf
memmove
srand
rand
strchr
atoi
__CxxFrameHandler

Sections

.text
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

07b09338b2fff65622356aad89605d1e

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

ws2_32

shlwapi

mpr

msvcrt

Sections

.text Size: 29KB - Virtual size: 28KB

.data Size: 3KB - Virtual size: 2KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 29KB - Virtual size: 28KB

.data
Size: 3KB - Virtual size: 2KB

.reloc
Size: 2KB - Virtual size: 2KB