054e0195273a068f4483a63e2fb1bd24_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

054e0195273a068f4483a63e2fb1bd24_JaffaCakes118
Size

72KB
MD5

054e0195273a068f4483a63e2fb1bd24
SHA1

d6ed318e14444b2f4d55401f26bbe56ebac8341c
SHA256

b568d81981a82a519890eaa3d5dd69c78fe9ed63cf15a35b0bf7fe246d5f7a70
SHA512

b988fcea6a6aa19d31d81d54f3f86cbe2e9fad8806efb5c1ba38ab277dbda12f59c99969a2ae4ac16e3e025a119cdf2355571de68e19fb67ff320b2705664858
SSDEEP

1536:T1A/sl3WhuF6r+BtvNPapRJYg8TReflxd:TOwWhw6SjNa96eflx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
054e0195273a068f4483a63e2fb1bd24_JaffaCakes118

Files

054e0195273a068f4483a63e2fb1bd24_JaffaCakes118
.dll windows:4 windows x86 arch:x86

8685b02d9654af5d55be3cbe9c9250e4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

OutputDebugStringA
GetLastError
WriteProcessMemory
VirtualProtectEx
MultiByteToWideChar
ReadProcessMemory
WaitForSingleObject
Sleep
CreateThread
CloseHandle
ReadFile
CreateFileA
GetSystemDirectoryA
WideCharToMultiByte
GetCurrentProcess
VirtualProtect
FreeLibrary
GetProcAddress
LoadLibraryA
TerminateProcess
GlobalAlloc
GlobalFree
LoadLibraryW
ExpandEnvironmentStringsW
GetCurrentProcessId
WriteFile
SetEvent
CreateEventA
OpenProcess
CreateMutexA
GetModuleFileNameA
FlushFileBuffers
HeapSize
LCMapStringW
LCMapStringA
GetSystemInfo
SetStdHandle
InitializeCriticalSection
GetOEMCP
GetACP
GetLocaleInfoA
GetCPInfo
GetStringTypeW
GetStringTypeA
VirtualQuery
InterlockedExchange
ExitProcess
HeapFree
HeapAlloc
GetCurrentThreadId
GetCommandLineA
GetVersionExA
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
GetModuleHandleA
HeapDestroy
HeapCreate
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
UnhandledExceptionFilter
SetFilePointer
RtlUnwind

user32

EnumWindows
GetWindowThreadProcessId
GetClassNameA

shell32

ShellExecuteA

ws2_32

htons
bind
listen
accept
gethostbyname
closesocket
inet_addr
ntohs
socket
connect
send
WSAGetLastError
recv
__WSAFDIsSet
select
WSCEnumProtocols
WSCGetProviderPath
inet_ntoa

Exports

Exports

WSPStartup

Sections

.text
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Shared
Size: 4KB - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8685b02d9654af5d55be3cbe9c9250e4

Headers

File Characteristics

Imports

kernel32

user32

shell32

ws2_32

Exports

Exports

Sections

.text Size: 40KB - Virtual size: 39KB

.rdata Size: 12KB - Virtual size: 10KB

.data Size: 4KB - Virtual size: 15KB

Shared Size: 4KB - Virtual size: 4B

.reloc Size: 8KB - Virtual size: 4KB

.text
Size: 40KB - Virtual size: 39KB

.rdata
Size: 12KB - Virtual size: 10KB

.data
Size: 4KB - Virtual size: 15KB

Shared
Size: 4KB - Virtual size: 4B

.reloc
Size: 8KB - Virtual size: 4KB