f04bbee5e1a682e7c4d55045c8391885_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f04bbee5e1a682e7c4d55045c8391885_JaffaCakes118
Size

64KB
MD5

f04bbee5e1a682e7c4d55045c8391885
SHA1

35ac1eb96e32115e5410c3e268027013ff879b7e
SHA256

7163ab46a8b7dafb19e78a9b7afe15b3d7791b83c6b61ab6aebf50ed9ada2cb0
SHA512

1aae111691bbcb6db7d90cf24d0b76cde978ed5278da44b9d753144a22accc36bebb2531e5f3ab6e0a80940e9526e6e80e32581b5e9c6f25d5b82e5de0206c83
SSDEEP

1536:aBvx4ddlidjpIgSlsGfewDk4FOrw3cg0DdmZ:aBvx4vWpdSlTT80sNDdmZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f04bbee5e1a682e7c4d55045c8391885_JaffaCakes118

Files

f04bbee5e1a682e7c4d55045c8391885_JaffaCakes118
.exe windows:4 windows x86 arch:x86

cea63cf753dcd1ed72ebed6b0e008cd4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
GetLastError
CloseHandle
CreateThread
CreateMutexA
WaitForSingleObject
ReleaseMutex
WaitForMultipleObjects
GetTickCount
CreateEventA
SetEvent
GetVersionExA
GetSystemInfo
VirtualProtect
LCMapStringW
LCMapStringA
GetStringTypeW
MultiByteToWideChar
GetStringTypeA
GetLocaleInfoA
GetCPInfo
GetOEMCP
GetACP
IsBadCodePtr
IsBadReadPtr
InitializeCriticalSection
VirtualQuery
InterlockedExchange
LoadLibraryA
GetFileType
SetHandleCount
ExitProcess
HeapFree
HeapReAlloc
HeapAlloc
RaiseException
RtlUnwind
GetSystemTimeAsFileTime
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetModuleFileNameA
HeapDestroy
HeapCreate
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
GetProcAddress
TerminateProcess
GetCurrentProcess
HeapSize
WriteFile
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW

advapi32

RegQueryValueExA
RegSetValueExA
RegCloseKey
RegOpenKeyExA
RegDeleteValueA
RegCreateKeyExA

ws2_32

htons
WSAStartup
inet_addr
bind
WSAGetLastError
WSACleanup
send
shutdown
closesocket
listen
inet_ntoa
gethostbyname
socket
connect
WSAEventSelect
htonl
accept
recv

iphlpapi

GetIpAddrTable

wininet

InternetOpenA
InternetQueryOptionA
InternetSetOptionA
InternetConnectA
HttpOpenRequestA
HttpSendRequestA
InternetReadFile
InternetCloseHandle

Sections

.text
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

cea63cf753dcd1ed72ebed6b0e008cd4

Headers

File Characteristics

Imports

kernel32

advapi32

ws2_32

iphlpapi

wininet

Sections

.text Size: 40KB - Virtual size: 37KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 4KB - Virtual size: 5KB

.text
Size: 40KB - Virtual size: 37KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 4KB - Virtual size: 5KB