14f71eaae25c7f9dc963a29cd46ffe7a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

14f71eaae25c7f9dc963a29cd46ffe7a_JaffaCakes118
Size

83KB
MD5

14f71eaae25c7f9dc963a29cd46ffe7a
SHA1

dd8c736c26882d7b62f350255b47cfcb80420bd8
SHA256

38453e5fb6b495c199f7a20a805e2a23d70bad9939b812d7687686ff28eb7886
SHA512

cd32c61b4b5f538b5e479246920f4f615b3be69d39b2a43282bc4cc033983c3092dc807c39f585c40308ad5e772cfde72349a61b91c3d37025df671416d84c83
SSDEEP

768:yoYVLN2AHeGfRJhU5hdzj6IVtfPRgtLIuriovbL+CJlZM2wnqP3vjY5FQNiB9+92:oFe4FUQqLHQiw3+CX62Y5y9yDLXib9le

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
14f71eaae25c7f9dc963a29cd46ffe7a_JaffaCakes118

Files

14f71eaae25c7f9dc963a29cd46ffe7a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

2b60ec5c2eb033c57e5097eabdcaaa49

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalFree
GlobalAlloc
ResumeThread
SetThreadPriority
CreateThread
CreateProcessA
FreeLibrary
TerminateProcess
OpenProcess
GetProcAddress
LoadLibraryA
GetWindowsDirectoryA
GetModuleFileNameA
GetVersionExA
OpenMutexA
CreateMutexA
WriteFile
CreateFileA
ReadFile
CloseHandle
WideCharToMultiByte
CopyFileA
GetEnvironmentVariableA
MultiByteToWideChar
Sleep
CompareStringW
CompareStringA
RaiseException
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
SetEnvironmentVariableA
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetCurrentProcess
GetOEMCP
GetACP
GetCPInfo
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
HeapAlloc
HeapFree
RtlUnwind
GetTimeZoneInformation
GetSystemTime
GetLocalTime
HeapReAlloc
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess

advapi32

RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
RegDeleteValueA
ChangeServiceConfigA
OpenSCManagerA
CloseServiceHandle
OpenServiceA
ControlService
QueryServiceStatus
DeleteService
StartServiceA

iphlpapi

GetNetworkParams
GetBestInterface
GetFriendlyIfIndex
GetIpAddrTable

netapi32

NetShareEnum
NetApiBufferFree

wininet

InternetReadFile
HttpQueryInfoA
InternetOpenUrlA
InternetCloseHandle
InternetOpenA

ws2_32

bind
gethostbyname
closesocket
__WSAFDIsSet
connect
select
WSASocketA
WSAIoctl
htons
send
socket
sendto
inet_addr
recv
WSAStartup

Sections

.text
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rebld_i
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

2b60ec5c2eb033c57e5097eabdcaaa49

Headers

File Characteristics

Imports

kernel32

advapi32

iphlpapi

netapi32

wininet

ws2_32

Sections

.text Size: 52KB - Virtual size: 51KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 20KB - Virtual size: 20KB

.rebld_i Size: 2KB - Virtual size: 2KB

.text
Size: 52KB - Virtual size: 51KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 20KB - Virtual size: 20KB

.rebld_i
Size: 2KB - Virtual size: 2KB