919bc64e87eea0fedddc6241312f341a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

919bc64e87eea0fedddc6241312f341a_JaffaCakes118
Size

220KB
MD5

919bc64e87eea0fedddc6241312f341a
SHA1

6f3ab835215db7be6942bdcb9e171082dc0db4aa
SHA256

fadbc51debc5aec4ce1264bdab8a972a8748b12e7453dadd6a1fb8d5ae04b710
SHA512

1b1259eb94b0a055bab67ddd4f819b467ca4e6fa15645dda6ac9cdd9130eb418240c968ad390900c6942c0f526a05e3dc10ec0b0271834dc71cacf7dc9e0fd24
SSDEEP

3072:KSW1Ss5sILlL2fDxORw4usdjSG7O+b71RhMxK/L6dSrlrkElz9ldoLB9z:7c5sIJL2fD8DJbRXAHB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
919bc64e87eea0fedddc6241312f341a_JaffaCakes118

Files

919bc64e87eea0fedddc6241312f341a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

e0430138f400efe220878b0cbf1db846

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

WSACleanup
WSAStartup
gethostname
closesocket
send
select
recv
htons
getservbyname
ioctlsocket
gethostbyname
socket
setsockopt
connect
WSAGetLastError
inet_ntoa
getsockopt
ntohl
htonl

kernel32

SetEnvironmentVariableA
GetOEMCP
GetACP
CompareStringW
CompareStringA
SetEndOfFile
GetStringTypeW
WriteFile
ReadFile
GetStdHandle
CloseHandle
GetLastError
CreateFileW
GetVersionExW
GetTickCount
QueryPerformanceCounter
QueryPerformanceFrequency
GetEnvironmentVariableW
GetVersion
GetFileType
GetFileSize
FindClose
FindNextFileW
FindFirstFileW
SetFilePointer
Sleep
GetCurrentProcessId
GetSystemTimeAsFileTime
GetTimeZoneInformation
GetLocalTime
lstrcmpiW
GetProcAddress
LoadLibraryW
FreeLibrary
GetModuleHandleW
GetComputerNameW
HeapFree
HeapAlloc
ExitProcess
TerminateProcess
GetCurrentProcess
EnterCriticalSection
LeaveCriticalSection
RtlUnwind
InterlockedDecrement
InterlockedIncrement
GetSystemTime
WideCharToMultiByte
HeapReAlloc
RaiseException
HeapSize
InitializeCriticalSection
DeleteCriticalSection
GetCurrentThreadId
TlsSetValue
TlsAlloc
SetLastError
TlsGetValue
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
SetHandleCount
GetStartupInfoA
FlushFileBuffers
UnhandledExceptionFilter
GetModuleFileNameW
FreeEnvironmentStringsA
MultiByteToWideChar
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetEnvironmentStrings
GetCommandLineW
GetCommandLineA
GetModuleFileNameA
LCMapStringA
LCMapStringW
SetUnhandledExceptionFilter
SetStdHandle
IsBadReadPtr
IsBadCodePtr
GetCPInfo
LoadLibraryA
GetStringTypeA

advapi32

RegQueryValueExW
RegEnumKeyExW
RegOpenKeyExW
RegEnumValueW
RegDeleteValueW
RegCloseKey
RegDeleteKeyW
RegCreateKeyExW
RegSetValueExW

Sections

.text
Size: 136KB - Virtual size: 132KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e0430138f400efe220878b0cbf1db846

Headers

File Characteristics

Imports

wsock32

kernel32

advapi32

Sections

.text Size: 136KB - Virtual size: 132KB

.rdata Size: 64KB - Virtual size: 60KB

.data Size: 12KB - Virtual size: 81KB

.rsrc Size: 4KB - Virtual size: 1KB

.text
Size: 136KB - Virtual size: 132KB

.rdata
Size: 64KB - Virtual size: 60KB

.data
Size: 12KB - Virtual size: 81KB

.rsrc
Size: 4KB - Virtual size: 1KB