0eaaa7ed312c2cdb8f71cf625e124c4f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0eaaa7ed312c2cdb8f71cf625e124c4f_JaffaCakes118
Size

36KB
MD5

0eaaa7ed312c2cdb8f71cf625e124c4f
SHA1

85e3fc2f3df1c0699c84b47e8f9e217fd4cf967f
SHA256

51e4c4aa719884a74a62dc73e17b79737ff1cfe643646c0e71dae20543e76195
SHA512

cca462d6313f92706c940d1ec4be0ebb030663b383a017ec162e0b408b78934fc99b62441565fd577e8368ab99e76a3d42f820effbcf275650297cee18a6cd44
SSDEEP

384:RgOzR/oWIONw8YLxX6UivezTyGbkuOlk5Ox4jjKR/zvMTJs6CE:R9+Ou8YdXS8yM4kIxoWR/Tkn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0eaaa7ed312c2cdb8f71cf625e124c4f_JaffaCakes118

Files

0eaaa7ed312c2cdb8f71cf625e124c4f_JaffaCakes118
.exe windows:4 windows x86 arch:x86

69ac1812a3b2ebed5de6d8306f054161

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

bind
htonl
socket
setsockopt
recvfrom
sendto
WSAStartup
accept
listen
getpeername
gethostbyname
__WSAFDIsSet
select
connect
WSASocketA
htons
closesocket
send
recv

wininet

InternetReadFile
InternetOpenUrlA
InternetOpenA

kernel32

GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
InterlockedExchange
GetSystemTimeAsFileTime
GetCurrentProcessId
lstrlenA
GetModuleFileNameA
GetTempFileNameA
GetTempPathA
GetComputerNameA
GetEnvironmentVariableA
Sleep
InitializeCriticalSection
GetCommandLineA
FindFirstFileA
FindNextFileA
FindClose
DeleteFileA
LoadLibraryA
GetProcAddress
GetCurrentDirectoryA
GetCurrentThreadId
GetStartupInfoA
CreateProcessA
WaitForSingleObject
CloseHandle
CreateFileA
ReadFile
CopyFileA
WriteFile
EnterCriticalSection
LeaveCriticalSection
SetCurrentDirectoryA

user32

DispatchMessageA
GetMessageA
CreateWindowExA
RegisterClassExA
DefWindowProcA
PostQuitMessage
wsprintfA
MessageBoxA

advapi32

RegSetValueExA
RegOpenKeyExA
GetUserNameA
RegCloseKey

msvcr80

_crt_debugger_hook
?terminate@@YAXXZ
_unlock
__dllonexit
_lock
_onexit
_decode_pointer
_except_handler4_common
_encode_pointer
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_acmdln
_invoke_watson
_controlfp_s
memset
__set_app_type
memcpy
sprintf_s
rename
strncmp
_strdup
free
strstr
atoi
perror
malloc
_time64
sprintf
calloc
strcpy_s
_endthread
_beginthread
fprintf
fflush
printf
strchr
fopen
fclose
fread
fwrite
atol
_amsg_exit
__getmainargs
_cexit
_exit
_XcptFilter
_ismbblead
exit

Sections

.text
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 428B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

69ac1812a3b2ebed5de6d8306f054161

Headers

File Characteristics

Imports

ws2_32

wininet

kernel32

user32

advapi32

msvcr80

Sections

.text Size: 16KB - Virtual size: 14KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 4KB - Virtual size: 5KB

.rsrc Size: 4KB - Virtual size: 428B

.text
Size: 16KB - Virtual size: 14KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 4KB - Virtual size: 5KB

.rsrc
Size: 4KB - Virtual size: 428B