16652d4213991ae58e268ae03a4c4e97_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

16652d4213991ae58e268ae03a4c4e97_JaffaCakes118
Size

725KB
MD5

16652d4213991ae58e268ae03a4c4e97
SHA1

741310d9dfec1e75129b5e4f6e67d8c51d006e31
SHA256

c317733322bd1c42601cefb6428e72eec2623ca2c0bfcaf8fb4d7256208f8748
SHA512

c4114800297ac65235c9548211c8856ca75b62ff0bfb543af77208a6573497c7cf53578241f9f3c47a2b5a6c911ef6ef8b13f22c6c8f6ac985b14bea9d5a9588
SSDEEP

12288:chIuCI0M/YK4JOnYH1DrmGFxAJd/KUJGTvG75bt/PSpbut:cGuC/o4AYZrmGFxAJoGwvGdp/PSpbut

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
16652d4213991ae58e268ae03a4c4e97_JaffaCakes118

Files

16652d4213991ae58e268ae03a4c4e97_JaffaCakes118
.exe windows:5 windows x86 arch:x86

810c6a348e6579098f96b1e457be3dcc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetDateFormatA
ReadConsoleInputA
SetConsoleMode
GetTimeZoneInformation
CompareStringW
GetModuleFileNameA
CreateEventA
SetEvent
SetErrorMode
ExitProcess
DeleteFileA
GetVersionExA
GetLastError
GetTickCount
GetLocaleInfoA
GetComputerNameA
CreateThread
ResumeThread
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
Sleep
InitializeCriticalSection
GetTempPathA
LoadLibraryA
GetProcAddress
WriteFile
IsBadReadPtr
WaitForSingleObject
CreateFileA
CloseHandle
WaitForMultipleObjects
TerminateThread
GetProcessHeap
GetTimeFormatA
GetVersionExW
GlobalMemoryStatus
GetVersion
GetSystemInfo
GetFileSize
OutputDebugStringA
CreateMutexW
CreateSemaphoreW
ReleaseSemaphore
GetFileSizeEx
ReadFile
FlushViewOfFile
SetFilePointerEx
SetEndOfFile
UnmapViewOfFile
FlushConsoleInputBuffer
HeapFree
HeapAlloc
DecodePointer
EncodePointer
ExitThread
GetCurrentThreadId
GetCommandLineA
HeapSetInformation
GetStartupInfoW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetStdHandle
GetModuleFileNameW
RaiseException
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetModuleHandleW
SetLastError
InterlockedDecrement
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
HeapCreate
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
SetConsoleCtrlHandler
LoadLibraryW
RtlUnwind
HeapSize
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
FreeLibrary
HeapReAlloc
SetFilePointer
GetConsoleCP
GetConsoleMode
LCMapStringW
MultiByteToWideChar
GetStringTypeW
IsProcessorFeaturePresent
FlushFileBuffers
SetStdHandle
WriteConsoleW
CreateFileW
SetEnvironmentVariableA

user32

LoadIconA
KillTimer
PostQuitMessage
RegisterClassExA
SetTimer
GetMessageA
BeginPaint
MoveWindow
GetSystemMetrics
DispatchMessageA
TranslateAcceleratorA
ShowWindow
UpdateWindow
TranslateMessage
SetWindowLongA
LoadCursorA
DefWindowProcA
CreateWindowExA
wsprintfA
GetUserObjectInformationW
GetProcessWindowStation
GetDesktopWindow
MessageBoxW
wvsprintfA
EndPaint

advapi32

RegisterEventSourceW
SetServiceStatus
ReportEventW
SystemFunction036
RegisterEventSourceA
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerA
DeregisterEventSource
ReportEventA

urlmon

URLDownloadToCacheFileW

shlwapi

PathRemoveFileSpecA

ws2_32

WSAStartup
gethostbyname
gethostname
ntohs
closesocket
socket
htons
freeaddrinfo
getaddrinfo
htonl
ntohl
WSAAddressToStringA
connect
accept
listen
send
recv
WSAStringToAddressA
ioctlsocket
setsockopt
getsockopt
sendto
recvfrom
bind

iphlpapi

GetAdaptersInfo

Sections

.text
Size: 484KB - Virtual size: 484KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 124KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 78KB - Virtual size: 158KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

810c6a348e6579098f96b1e457be3dcc

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

urlmon

shlwapi

ws2_32

iphlpapi

Sections

.text Size: 484KB - Virtual size: 484KB

.rdata Size: 124KB - Virtual size: 124KB

.data Size: 78KB - Virtual size: 158KB

.reloc Size: 36KB - Virtual size: 36KB

.text
Size: 484KB - Virtual size: 484KB

.rdata
Size: 124KB - Virtual size: 124KB

.data
Size: 78KB - Virtual size: 158KB

.reloc
Size: 36KB - Virtual size: 36KB