433b9d56faa618fab69e7aa0c83f2621_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

433b9d56faa618fab69e7aa0c83f2621_JaffaCakes118
Size

48KB
MD5

433b9d56faa618fab69e7aa0c83f2621
SHA1

c6be0c74b5e3188352563d2c6e687cd1f8a62eeb
SHA256

ddf7beb1038b5ba9e469ae05241022383640740e67d5af0e2e4a3e85ecda8fe8
SHA512

8f679d7c7d4e83f153087346ff0eb7b21fa4f8251f6fd859f072f40ccdd5d9a461fa5cbc2d2fcc1619980010cbf490ff1c878b852ab1d03f96bede60df8514c8
SSDEEP

384:kyeFrx7+fl5u9/RjTuiSc2UZqLKyTdpu2y/szf9ml9lgItubk3nxwOnoaowiz:ky67C8pui8MSJTdvqofggItx3xnno7z

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
433b9d56faa618fab69e7aa0c83f2621_JaffaCakes118

Files

433b9d56faa618fab69e7aa0c83f2621_JaffaCakes118
.dll windows:4 windows x86 arch:x86

9cc398c313e48978ef50c8fe38f12d55

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetLastError
OpenProcess
Process32Next
Process32First
CreateToolhelp32Snapshot
GetVersionExA
WriteFile
SetFilePointer
CreateFileA
GetSystemDirectoryA
SetFileTime
GetFileTime
GetDiskFreeSpaceExA
GetWindowsDirectoryA
GetLocalTime
ReadFile
GetFileSize
CopyFileA
FindClose
VirtualAllocEx
SetFileAttributesA
CreateDirectoryA
FileTimeToSystemTime
FileTimeToLocalFileTime
FindFirstFileA
lstrcatA
Sleep
CreateThread
GetSystemTime
GetDriveTypeA
GetModuleFileNameA
FlushFileBuffers
SetStdHandle
GetStringTypeW
WriteProcessMemory
GetModuleHandleA
GetProcAddress
CreateRemoteThread
VirtualFreeEx
WaitForSingleObject
GetCurrentProcess
FindNextFileA
CloseHandle
InterlockedDecrement
InterlockedIncrement
GetCommandLineA
GetVersion
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
HeapFree
HeapAlloc
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
LCMapStringW
TerminateProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
GetCPInfo
VirtualAlloc
HeapReAlloc
RtlUnwind
GetACP
GetOEMCP
LoadLibraryA
GetStringTypeA

user32

CreateWindowExA
GetMessageA
TranslateMessage
DispatchMessageA
wsprintfA
RegisterClassA

advapi32

RegSetValueExA
RegCloseKey
RegCreateKeyExA
RegDeleteKeyA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegOpenKeyExA

Exports

Exports

InstallSniffer
RunSniffer

Sections

.text
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9cc398c313e48978ef50c8fe38f12d55

Headers

File Characteristics

Imports

kernel32

user32

advapi32

Exports

Exports

Sections

.text Size: 28KB - Virtual size: 25KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 4KB - Virtual size: 10KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 28KB - Virtual size: 25KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 4KB - Virtual size: 10KB

.reloc
Size: 4KB - Virtual size: 3KB