37a0e9fa2d923f821ba64c69b1ffc9dc_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

37a0e9fa2d923f821ba64c69b1ffc9dc_JaffaCakes118
Size

47KB
MD5

37a0e9fa2d923f821ba64c69b1ffc9dc
SHA1

5e5d303218dbd96850fddf3e36e8ce64db25c252
SHA256

ac8bb03c9b704d55a966d0a3c106aa73afa0e93662c75c59339f68c4bbfcacae
SHA512

51f7faecba46f1869ebf0e8753048812d16cc537f43ad17a962db8207c1ecb3d06ae56f005fe5331f00ae969f419f4a98f369367639c04c0a5c04c508d1d1eed
SSDEEP

768:9ewl5E9tudRJHzLmSzJQD2nSo/Oo1QHMqv3QPyCujP9L1sOXItVGeEBziz0J:JUwHzLWD2nSzIQZLjh1TSVGNB2IJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
37a0e9fa2d923f821ba64c69b1ffc9dc_JaffaCakes118

Files

37a0e9fa2d923f821ba64c69b1ffc9dc_JaffaCakes118
.dll windows:4 windows x86 arch:x86

a1a91521c5b35036564c3e716531ea87

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetDateFormatA
GetTimeFormatA
SystemTimeToTzSpecificLocalTime
GetTimeZoneInformation
GetSystemTime
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
CloseHandle
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetFileSize
CreateFileA
FindClose
FindNextFileA
GetTickCount
GetEnvironmentVariableA
VirtualQuery
WaitForSingleObject
CreateEventA
MoveFileExA
CopyFileA
GetTempFileNameA
GetTempPathA
GetSystemDirectoryA
LocalFree
LocalAlloc
SetLastError
lstrcpyA
lstrlenA
ExpandEnvironmentStringsA
GetWindowsDirectoryA
GetVersion
GetVolumeInformationA
GetLastError
DisableThreadLibraryCalls
GetModuleFileNameA
Sleep
LoadLibraryA
GetProcAddress
FreeLibrary
CreateProcessA
VirtualAllocEx
VirtualAlloc
GetThreadContext
WriteProcessMemory
VirtualFree
SetThreadContext
FindFirstFileA
ResumeThread

advapi32

RegCreateKeyA
RegQueryValueExA
OpenProcessToken
ImpersonateLoggedOnUser
RevertToSelf
GetTokenInformation
LookupAccountSidA
RegCloseKey
RegNotifyChangeKeyValue
RegSetValueExA
RegEnumKeyExA
RegOpenKeyExA
RegEnumKeyA

msvcr71

?terminate@@YAXXZ
_except_handler3
__CppXcptFilter
_adjust_fdiv
_initterm
_onexit
__dllonexit
??1type_info@@UAE@XZ
_stricmp
isalnum
strncpy
strrchr
_mbslwr
strcmp
printf
strcat
_strlwr
strstr
??_U@YAPAXI@Z
??_V@YAXPAX@Z
strchr
atoi
strcpy
rand
??2@YAPAXI@Z
??3@YAXPAX@Z
??0exception@@QAE@XZ
??1exception@@UAE@XZ
_CxxThrowException
??0exception@@QAE@ABV0@@Z
_beginthread
__CxxFrameHandler
free
malloc
_snprintf
strlen
realloc
time
srand
memset
memcpy
strncmp

ntdll

NtFreeVirtualMemory
NtQuerySystemInformation
NtAllocateVirtualMemory
_itoa
NtOpenProcess
NtClose

ws2_32

socket
setsockopt
inet_addr
htons
gethostbyname
shutdown
closesocket
recv
WSAStartup
gethostname
WSAGetLastError
select
connect
ioctlsocket
inet_ntoa
send

dnsapi

DnsQuery_A
DnsRecordListFree

msvcp71

??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIPBD@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z

mapi32

ord21
ord75
ord17
ord129
ord140
ord23
ord135
ord19
ord138
ord11

Exports

Exports

Initialize
Launch
StartProcessAtWinLogon
StopProcessAtWinLogoff

Sections

.text
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.newsec
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a1a91521c5b35036564c3e716531ea87

Headers

File Characteristics

Imports

kernel32

advapi32

msvcr71

ntdll

ws2_32

dnsapi

msvcp71

mapi32

Exports

Exports

Sections

.text Size: 33KB - Virtual size: 33KB

.reloc Size: 4KB - Virtual size: 3KB

.newsec Size: 9KB - Virtual size: 9KB

.text
Size: 33KB - Virtual size: 33KB

.reloc
Size: 4KB - Virtual size: 3KB

.newsec
Size: 9KB - Virtual size: 9KB