JaffaCakes118_470e48e694a15580ce8a760a4b2426c0

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_470e48e694a15580ce8a760a4b2426c0
Size

100KB
MD5

470e48e694a15580ce8a760a4b2426c0
SHA1

7cd9b30cd569c1fdc4b81182fa2c5c12412b7c29
SHA256

819d1c4fe22e63bb9354a5f988b7595f8ed9b4657cbb88cb0a0a5a7f9fe42c4b
SHA512

f5c9e726c2b06104b77338732e18b3575bffd927b7d0c2f7bc313c4426c3298c9dea425271956d1d8d3dbfe41e8e9ded3c8c8e31c7e81cf770c439ce151e1a94
SSDEEP

1536:tyZYcdznGFrLABVjbPuOaUJelpx6EXqcudY3khbQdUUFPB9SsDmo71X/KYHd:yre3ABVjbPuOadx6HoVD59Ss60dyYHd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_470e48e694a15580ce8a760a4b2426c0

Files

JaffaCakes118_470e48e694a15580ce8a760a4b2426c0
.dll windows:4 windows x86 arch:x86

669b5bb35562823bab8fe52b1fda2e3d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord825
ord815
ord2764
ord2818
ord3663
ord5440
ord6383
ord823
ord5450
ord6394
ord1799
ord614
ord2623
ord290
ord4226
ord2486
ord4003
ord1601
ord539
ord4278
ord2985
ord826
ord600
ord1578
ord6467
ord1255
ord1253
ord1570
ord1197
ord1243
ord342
ord1182
ord1577
ord537
ord5683
ord4129
ord535
ord540
ord860
ord356
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord3953
ord5714
ord5289
ord5307
ord4698
ord4079
ord2725
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord2770
ord1116
ord1176
ord1575
ord1168
ord2781
ord4058
ord3178
ord2915
ord800
ord924
ord858
ord668
ord269

msvcrt

??1type_info@@UAE@XZ
_adjust_fdiv
_initterm
_onexit
__dllonexit
_EH_prolog
malloc
free
strstr
wprintf
_stricmp
__CxxFrameHandler
printf
sprintf
_strnicmp
_strupr

kernel32

LocalFree
SetLastError
LoadLibraryA
GetProcAddress
FreeLibrary
Sleep
GetWindowsDirectoryA
OutputDebugStringA
CloseHandle
GetCurrentThreadId
CreateToolhelp32Snapshot
Process32First
ProcessIdToSessionId
Process32Next
OpenProcess
GetLastError
GetModuleFileNameA
CreateDirectoryA
CopyFileA
GetVersionExA
LocalAlloc

user32

GetUserObjectInformationA
GetThreadDesktop
GetProcessWindowStation

advapi32

RegOpenKeyA
GetTokenInformation
LookupAccountSidA
OpenProcessToken
LookupPrivilegeValueA
DuplicateTokenEx
SetTokenInformation
AdjustTokenPrivileges
RegSetValueExA
RegQueryValueExA
QueryServiceStatus
CloseServiceHandle
OpenServiceA
OpenSCManagerA
RegOpenKeyExA
RegCloseKey

shell32

ShellExecuteA

ole32

CoCreateInstance
CoInitializeSecurity
CoUninitialize
CoInitialize

oleaut32

VariantClear
VariantInit
SysFreeString

wsock32

ioctlsocket
gethostbyname
WSAStartup
gethostbyaddr
WSACleanup

wtsapi32

WTSQueryUserToken

iphlpapi

GetAdaptersInfo
GetIfTable
GetIfEntry

wininet

InternetGetConnectedStateEx

Exports

Exports

CheckICS
Get_Hi_Speed_Adapter
ICS_Disable
ICS_GetConn
ICS_GetInetConnWithoutRtlWlan
ICS_GetShare
ICS_LinkStatusCheck
ICS_Reset
ICS_SetFirewall
ICS_SetShare
ICS_WriteConn

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rmnet
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

669b5bb35562823bab8fe52b1fda2e3d

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

advapi32

shell32

ole32

oleaut32

wsock32

wtsapi32

iphlpapi

wininet

Exports

Exports

Sections

.text Size: 16KB - Virtual size: 15KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 4KB - Virtual size: 6KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 2KB

.rmnet Size: 60KB - Virtual size: 60KB

.text
Size: 16KB - Virtual size: 15KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 4KB - Virtual size: 6KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 2KB

.rmnet
Size: 60KB - Virtual size: 60KB