Static task: static1
Behavioral task: behavioral1
Sample: e835521b9837df2235fb5a48276a28dd_JaffaCakes118.exe
Resource: win7-20240220-en
Behavioral task: behavioral2
Sample: e835521b9837df2235fb5a48276a28dd_JaffaCakes118.exe
Resource: win10v2004-20231215-en
General
Target: e835521b9837df2235fb5a48276a28dd_JaffaCakes118
Size: 206KB
MD5: e835521b9837df2235fb5a48276a28dd
SHA1: b4fc956c56c5199984a37c43dd61c3125a3b898e
SHA256: 1d684209862acabeb76aea85bbf1205014224421620fe57c74a1b75317b60856
SHA512: 606cca598391cd3e5449f8ff0f82ab531c461d314d6c287302aa58496f40855b85fa77c200c3f90b101b5890dfc2c1683f1a854706c210f5b78143eb6ecf3229
SSDEEP: 3072:z3Ij0TxWnBQnFseEMBNmh/x/GsenjtISPFaOTK3f7ZyUptz8Qciz:z3cDCFoM2FN8nawY/3f7ZyUp5P
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource e835521b9837df2235fb5a48276a28dd_JaffaCakes118
Files
e835521b9837df2235fb5a48276a28dd_JaffaCakes118.exe windows:4 windows x86 arch:x86
46972d7c596645cc022da8017df371be
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
FlushFileBuffers
CreateEventW
GetTempFileNameA
GetVersion
LocalAlloc
LocalFree
DeviceIoControl
WaitForSingleObject
GetCurrentProcess
GetTempPathW
LoadLibraryW
RemoveDirectoryW
CreateDirectoryA
ResetEvent
WaitForMultipleObjects
VirtualFree
VirtualProtect
VirtualAlloc
GetCurrentThreadId
GetCommandLineA
GetModuleHandleA
GetProfileStringW
LockResource
FindResourceA
FreeResource
GetDateFormatA
MoveFileExA
CreateFileW
GetLocalTime
GetSystemTime
QueryPerformanceCounter
DeleteFileW
GetVolumeInformationA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetLocaleInfoA
MultiByteToWideChar
GetSystemTimeAsFileTime
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoA
SetUnhandledExceptionFilter
GetProcAddress
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetLastError
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
HeapDestroy
HeapCreate
GetTickCount
GetCurrentProcessId
LeaveCriticalSection
EnterCriticalSection
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
LoadLibraryA
InitializeCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
Sleep
HeapReAlloc
RtlUnwind
HeapSize
gdi32
CreateSolidBrush
CreateRectRgnIndirect
Rectangle
RestoreDC
SaveDC
ExtTextOutA
CreateFontIndirectA
StartDocA
EndPage
CreatePatternBrush
ws2_32
WSAStartup
WSACleanup
getsockopt
htonl
getservbyname
htons
ntohs
recv
send
recvfrom
WSAAddressToStringA
WSAWaitForMultipleEvents
WSAEnumNetworkEvents
Sections
.text Size: 120KB - Virtual size: 119KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 83KB - Virtual size: 86KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ