fb4be522c65412a0f847ed0acc9b0897_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

fb4be522c65412a0f847ed0acc9b0897_JaffaCakes118
Size

170KB
MD5

fb4be522c65412a0f847ed0acc9b0897
SHA1

5e3268b8917845ddae68b2103c8d82c27f88e485
SHA256

fa95f840bacec545b943a619fb440c7c26d30ff136a9bd08d949ed01eb9cffb0
SHA512

4260372192f1375190627a7518bba25380bd3c1bc2f5f129e2fec7ca007a16d06cdf113c961e477f861fcc940c9a69db674ec48a3cf6dc531d096409b26a99d4
SSDEEP

3072:VTZHPF1T4eUnhZgrJHTEdjrOPjnUAT3G4GZr7gOWmiDTCY9ENzgv7l:VTZvF1T49jgrtyjqPj1TW4GZWmsTZ9EI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fb4be522c65412a0f847ed0acc9b0897_JaffaCakes118

Files

fb4be522c65412a0f847ed0acc9b0897_JaffaCakes118
.exe windows:5 windows x64 arch:x64

e9e323dafb47e6e998af4be1e61244c7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

LoadLibraryW
GetProcAddress
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
CloseHandle
Sleep
CreateThread
LCMapStringW
GetStringTypeW
GetProcessHeap
SetEndOfFile
HeapReAlloc
ReadFile
IsValidCodePage
GetOEMCP
HeapAlloc
GetCommandLineW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetModuleHandleW
ExitProcess
DecodePointer
WriteFile
GetStdHandle
GetModuleFileNameW
HeapSetInformation
GetVersion
HeapCreate
EncodePointer
RaiseException
RtlPcToFileHeader
RtlUnwindEx
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
HeapFree
SetHandleCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
FreeEnvironmentStringsW
GetEnvironmentStringsW
FlsGetValue
FlsSetValue
FlsFree
SetLastError
GetCurrentThreadId
FlsAlloc
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize
CreateFileW
SetFilePointer
WriteConsoleW
MultiByteToWideChar
SetStdHandle
FlushFileBuffers
GetCPInfo
GetACP

ws2_32

WSACleanup
closesocket
send
connect
socket
inet_addr
htons
WSAStartup
WSAGetLastError
recv

Sections

.text
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e9e323dafb47e6e998af4be1e61244c7

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ws2_32

Sections

.text Size: 43KB - Virtual size: 43KB

.rdata Size: 15KB - Virtual size: 14KB

.data Size: 6KB - Virtual size: 15KB

.pdata Size: 3KB - Virtual size: 2KB

.rsrc Size: 100KB - Virtual size: 99KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 43KB - Virtual size: 43KB

.rdata
Size: 15KB - Virtual size: 14KB

.data
Size: 6KB - Virtual size: 15KB

.pdata
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 100KB - Virtual size: 99KB

.reloc
Size: 1KB - Virtual size: 1KB