f8dcfeab1bb3dfba3c58ed2759ea0f07_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f8dcfeab1bb3dfba3c58ed2759ea0f07_JaffaCakes118
Size

375KB
MD5

f8dcfeab1bb3dfba3c58ed2759ea0f07
SHA1

a9814f23d3a7637e1065021904eaa1f3ba215e3e
SHA256

d00f5681c13190518b202bffe24a9e604fc67ff841eef94c9c0622b5cc9e2159
SHA512

560b3c1dd03ede8e30aaa1ef91dd244875bfdac05d45ed8ee01a5c045be00c08a853aff11230bd809e78c073641b9f13d3111910a349a927bf39eba30699bce7
SSDEEP

6144:2cHvm4Rkut9/p8aystqByvlBrhopvWA8FuSAzr+mSQTb7k58RqOtkU7d:JvEu/p8IFBGpuA9SAz6mJTvk5nEH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f8dcfeab1bb3dfba3c58ed2759ea0f07_JaffaCakes118

Files

f8dcfeab1bb3dfba3c58ed2759ea0f07_JaffaCakes118
.exe windows:4 windows x86 arch:x86

c920f9139fa65fe199916b66c614085b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

dnsapi

DnsReplaceRecordSetW

userenv

RsopSetPolicySettingStatus

ole32

CoUninitialize
CoInitializeEx
CoCreateInstance
CoTaskMemFree

mswsock

GetAcceptExSockaddrs
AcceptEx

kernel32

UnhandledExceptionFilter
GetProcessVersion
FindFirstFileW
GetDriveTypeW
TlsSetValue
TlsGetValue
CreateThread
FindClose
GetModuleHandleW
GetVolumeInformationW
lstrcpyW
EnterCriticalSection
GlobalReAlloc
ResetEvent
GetCurrentDirectoryW
GetUserDefaultLCID
LocalReAlloc
lstrcmpiW
GetFullPathNameW
InterlockedCompareExchange
FormatMessageW
SetEvent
WideCharToMultiByte
FindResourceA
DisableThreadLibraryCalls
InterlockedIncrement
TerminateProcess
SetLastError
GetCurrentProcess
SetUnhandledExceptionFilter
WaitForSingleObject
GetFileAttributesW
GetCurrentProcessId
FindNextFileW
CreateFileW
GetCurrentThreadId
InterlockedDecrement
lstrlenA
LocalSize
SetCurrentDirectoryW
GetModuleFileNameW
GetModuleHandleA
CreateEventW
TlsFree
GetSystemTimeAsFileTime
CloseHandle
GetSystemDefaultUILanguage
GlobalUnlock
GlobalFree
LocalFree
GetShortPathNameW
FindResourceExW
GetACP
MulDiv
SetErrorMode
lstrlenW
LoadLibraryA
GlobalLock
MultiByteToWideChar
GetLastError
GetLocaleInfoW
InitializeCriticalSectionAndSpinCount
DelayLoadFailureHook
GetProcAddress
GetTickCount
FreeResource
LeaveCriticalSection
LoadLibraryW
FreeLibraryAndExitThread
DeleteCriticalSection
GlobalAlloc
LockResource
SizeofResource
lstrcmpW
InterlockedExchange
lstrcpynW
QueryPerformanceCounter
GetVersionExA
ExpandEnvironmentStringsW
TlsAlloc
FindResourceW
lstrcpyA
DeleteFileW
GetProfileStringW
LoadResource
GetTempFileNameW
FreeLibrary
LocalAlloc

ntdll

RtlAnsiStringToUnicodeString
RtlUnicodeToMultiByteSize
RtlInitUnicodeStringEx
RtlUnwind
NtQueryVirtualMemory
toupper
RtlUnicodeStringToAnsiString
_vsnwprintf
_wcsicmp
wcslen
RtlIsNameLegalDOS8Dot3
NtAllocateVirtualMemory

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 236KB - Virtual size: 236KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 123KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

c920f9139fa65fe199916b66c614085b

Headers

File Characteristics

Imports

dnsapi

userenv

ole32

mswsock

kernel32

ntdll

Sections

.text Size: 11KB - Virtual size: 10KB

.rsrc Size: 236KB - Virtual size: 236KB

.rdata Size: 123KB - Virtual size: 122KB

.data Size: 4KB - Virtual size: 1.2MB

.text
Size: 11KB - Virtual size: 10KB

.rsrc
Size: 236KB - Virtual size: 236KB

.rdata
Size: 123KB - Virtual size: 122KB

.data
Size: 4KB - Virtual size: 1.2MB