3beebc87688edc28c33bb08796c78a35_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

3beebc87688edc28c33bb08796c78a35_JaffaCakes118
Size

305KB
MD5

3beebc87688edc28c33bb08796c78a35
SHA1

5bff6601c75d2eac82dd8cfe48bf36dd76101583
SHA256

e411d70d16f745502db11d53142a44211ab3179199042ea894b52cb260acd864
SHA512

a70a9dd5948b9f0feb57ccd9d5227d99d5122dcff4d95919a6dc3d8c0bac4d56ae93834245f0ac86207d5268565631a2b2d5841dff94f58697f26b7761028488
SSDEEP

6144:Icwhe/RbBT6NOrsnNhL8fCoq+ZZAwUHJBLU5hrijWTzWwPV:seFBT6NLrofPewcJBLUXPbPV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3beebc87688edc28c33bb08796c78a35_JaffaCakes118

Files

3beebc87688edc28c33bb08796c78a35_JaffaCakes118
.dll windows:4 windows x86 arch:x86

0c338689336e34698bf8ead86d2d30f3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wsock32

recv
accept
inet_addr
bind
listen
getsockname
htonl
ntohs
WSACleanup
send
WSACancelBlockingCall
WSAStartup
closesocket
ioctlsocket
htons
socket
connect
gethostbyname
WSAGetLastError

kernel32

SetEndOfFile
RaiseException
GetLocaleInfoW
GetLocaleInfoA
LoadLibraryA
FlushFileBuffers
SetStdHandle
VirtualAlloc
GetStringTypeW
GetStringTypeA
VirtualFree
GetModuleFileNameA
HeapDestroy
HeapAlloc
HeapCreate
Sleep
FreeLibrary
GetProcessHeap
CreateThread
CloseHandle
ReadFile
CreateFileA
WriteFile
SetFilePointer
DeleteFileA
GetFileSize
GetTickCount
FindClose
FindNextFileA
FindFirstFileA
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
HeapFree
TlsSetValue
LeaveCriticalSection
GetLastError
ResumeThread
ExitThread
InterlockedDecrement
InterlockedIncrement
GetCommandLineA
GetProcAddress
GetModuleHandleA
GetVersion
GetCPInfo
GetACP
GetOEMCP
GetCurrentThreadId
TlsAlloc
TlsFree
SetLastError
TlsGetValue
ExitProcess
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
RtlUnwind
MultiByteToWideChar
WideCharToMultiByte
LCMapStringA
LCMapStringW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection

user32

FindWindowA
EnumWindows
GetWindowTextA
SendMessageA
MessageBoxA
RegisterWindowMessageA
PostMessageA

advapi32

RegOpenKeyExA
RegCloseKey
RegQueryValueExA

shell32

ShellExecuteA

Exports

Exports

InitStdio
MyMain
SendCancel
Troubleshoot

Sections

.text
Size: 101KB - Virtual size: 101KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 165KB - Virtual size: 168KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

0c338689336e34698bf8ead86d2d30f3

Headers

File Characteristics

Imports

wsock32

kernel32

user32

advapi32

shell32

Exports

Exports

Sections

.text Size: 101KB - Virtual size: 101KB

.rdata Size: 6KB - Virtual size: 5KB

.data Size: 24KB - Virtual size: 108KB

.reloc Size: 7KB - Virtual size: 7KB

.text Size: 165KB - Virtual size: 168KB

.text
Size: 101KB - Virtual size: 101KB

.rdata
Size: 6KB - Virtual size: 5KB

.data
Size: 24KB - Virtual size: 108KB

.reloc
Size: 7KB - Virtual size: 7KB

.text
Size: 165KB - Virtual size: 168KB