fe959180bdabe4e3b35e0908b80a1500_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

fe959180bdabe4e3b35e0908b80a1500_JaffaCakes118
Size

36KB
MD5

fe959180bdabe4e3b35e0908b80a1500
SHA1

b38e457735898525e0abffaa50ab4078123c1c47
SHA256

9ed6eebac4b558f8814f1e255dbaaf6b384245d160fe630949bb859d2d85e039
SHA512

e6a772be6a09094bc66ee46a5f37d8d33651d016eb6ff24111638a7d419d1bf90f154dd0be21af95e5c0e555d7a46cb8a1d42eb8d3e9b317d556cc01d19e0082
SSDEEP

384:1EiHmPBOAw1jsNaqkOtg8Bu1fK94zi7NAoPK:1fGPB0jsbkgg8Bu1fKSzi7RPK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fe959180bdabe4e3b35e0908b80a1500_JaffaCakes118

Files

fe959180bdabe4e3b35e0908b80a1500_JaffaCakes118
.exe .vbs windows:6 windows x86 arch:x86 polyglot

6632a292ce33b3d4b8bc012347c30803

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

MessageBoxA

kernel32

GetModuleHandleW
SetUnhandledExceptionFilter
CreateDirectoryA
CloseHandle
GetLastError
WaitForSingleObject
CreateMutexA
GetCurrentProcess
TerminateProcess
CreateThread
CreateProcessA
GetProcAddress
LoadLibraryA
CopyFileA
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
UnhandledExceptionFilter

api-ms-win-core-registry-l1-1-0

RegSetValueExA
RegCreateKeyExA
RegCloseKey

ws2_32

inet_addr
setsockopt
sendto
socket
htons
shutdown

winhttp

WinHttpConnect
WinHttpCloseHandle
WinHttpOpen
WinHttpOpenRequest
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpSetTimeouts
WinHttpQueryDataAvailable
WinHttpReadData

vcruntime140

memset
strstr
strrchr
_except_handler4_common

api-ms-win-crt-heap-l1-1-0

malloc
free
_set_new_mode

api-ms-win-crt-utility-l1-1-0

rand

api-ms-win-crt-convert-l1-1-0

atoi
mbstowcs

api-ms-win-crt-runtime-l1-1-0

_register_thread_local_exe_atexit_callback
_c_exit
_cexit
_initialize_onexit_table
_register_onexit_function
_get_narrow_winmain_command_line
_crt_atexit
_controlfp_s
terminate
_initterm
__p___argv
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_exe
exit
_initterm_e
_set_app_type
_exit

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-stdio-l1-1-0

fwrite
fopen
fclose
_set_fmode
__p__commode

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6632a292ce33b3d4b8bc012347c30803

Headers

DLL Characteristics

File Characteristics

Imports

user32

kernel32

api-ms-win-core-registry-l1-1-0

ws2_32

winhttp

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 8KB - Virtual size: 8KB

.rdata Size: 24KB - Virtual size: 24KB

.data Size: 512B - Virtual size: 1KB

.gfids Size: 512B - Virtual size: 32B

.reloc Size: 1024B - Virtual size: 952B

.text
Size: 8KB - Virtual size: 8KB

.rdata
Size: 24KB - Virtual size: 24KB

.data
Size: 512B - Virtual size: 1KB

.gfids
Size: 512B - Virtual size: 32B

.reloc
Size: 1024B - Virtual size: 952B