0116e0d792869aafe38eb1ead10761fe_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

0116e0d792869aafe38eb1ead10761fe_JaffaCakes118
Size

249KB
MD5

0116e0d792869aafe38eb1ead10761fe
SHA1

98ba2b7503d4422accd2efca3165a2180623e120
SHA256

1e1d1120f267f61f7db8d5b9d5a622ebdece11f208a07ba4611ae9861474a685
SHA512

aa571a51ea6ae60ec20ab3f8af122279afd0107ee941e2d4750fc34d77f935aa0d6173e8446f6c163b3861d90c2d044b89ee664fdd0a1d1977612aa9bee7e130
SSDEEP

6144:EOB7ZB3Cm66SGRga8E3uJGCT/SV52kAhKkODUqInK8G7ApBKdH:EGd9Cm6l4z5+JGK42kAh3qfv7ApBmH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0116e0d792869aafe38eb1ead10761fe_JaffaCakes118

Files

0116e0d792869aafe38eb1ead10761fe_JaffaCakes118
.exe windows:4 windows x86 arch:x86

6489088aefd8928bc3cb1eb5c2197be1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

ntohs
gethostbyname
WSAStartup
send
WSACancelBlockingCall
bind
recv
WSASetLastError
setsockopt
socket
accept
connect
getservbyname
htons
shutdown
htonl
inet_ntoa
closesocket
getsockopt
ntohl
WSAGetLastError
WSACleanup
listen

kernel32

FlushConsoleInputBuffer
CloseHandle
FreeLibrary
GetStdHandle
GetFileType
GetThreadTimes
GetCurrentThreadId
GlobalMemoryStatus
SetLastError
GetLocalTime
VirtualAlloc

gdi32

DeleteDC
GetDeviceCaps
CreateCompatibleBitmap
GetBitmapBits
GetObjectA
SelectObject
BitBlt
CreateDCA
CreateCompatibleDC
DeleteObject

user32

MessageBoxIndirectA

mscms

CreateColorTransformA
SetColorProfileElement
InstallColorProfileW
UnregisterCMMW
GetColorProfileFromHandle
GenerateCopyFilePaths

dinput8

DllCanUnloadNow
DirectInput8Create
DllGetClassObject
DllUnregisterServer

Sections

.text
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.J
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.TKFjPM
Size: 1KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.s
Size: 1024B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.dMAcRw
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 213KB - Virtual size: 481KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6489088aefd8928bc3cb1eb5c2197be1

Headers

DLL Characteristics

File Characteristics

Imports

wsock32

kernel32

gdi32

user32

mscms

dinput8

Sections

.text Size: 18KB - Virtual size: 17KB

.J Size: 1KB - Virtual size: 4KB

.rdata Size: 1KB - Virtual size: 1KB

.TKFjPM Size: 1KB - Virtual size: 10KB

.s Size: 1024B - Virtual size: 6KB

.dMAcRw Size: 1024B - Virtual size: 1KB

.data Size: 213KB - Virtual size: 481KB

.rsrc Size: 10KB - Virtual size: 10KB

.text
Size: 18KB - Virtual size: 17KB

.J
Size: 1KB - Virtual size: 4KB

.rdata
Size: 1KB - Virtual size: 1KB

.TKFjPM
Size: 1KB - Virtual size: 10KB

.s
Size: 1024B - Virtual size: 6KB

.dMAcRw
Size: 1024B - Virtual size: 1KB

.data
Size: 213KB - Virtual size: 481KB

.rsrc
Size: 10KB - Virtual size: 10KB