Static task: static1
Behavioral task: behavioral1
Sample: 178f11a1392db50eb1790bd57521ac5a_JaffaCakes118.exe
Resource: win7-20240508-en
Behavioral task: behavioral2
Sample: 178f11a1392db50eb1790bd57521ac5a_JaffaCakes118.exe
Resource: win10v2004-20240611-en
General
Target: 178f11a1392db50eb1790bd57521ac5a_JaffaCakes118
Size: 387KB
MD5: 178f11a1392db50eb1790bd57521ac5a
SHA1: 09f8658da2959d5b06d24f7f8c5eab8d890bcf4d
SHA256: 7ad727e9f88c5aa74accef6090e3d307de4b7e679b1b5eb30bffb8fb55735b82
SHA512: fa2245660626933ffd9e3041c8d1d045d5ee44ce2a5bffcab13026d6cde55ae8b97ec5490853b5ca59ab93e57074a5d39ffb9eceb42f1d26f95e4130173535cd
SSDEEP: 6144:s0G0i0cVk+qKfICQ78QMZLtTS2YlsagKoaHGJUeVV5lX09N7YpQpJz:sIi0GkdsJQ78h42cF4amq2H0gpS
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource 178f11a1392db50eb1790bd57521ac5a_JaffaCakes118
Files
178f11a1392db50eb1790bd57521ac5a_JaffaCakes118.exe windows:4 windows x86 arch:x86
b47f9a28fd5b5065420b874d4098f855
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
Imports
kernel32
VirtualProtect
GetModuleFileNameA
ExitProcess
user32
MessageBoxA
advapi32
oleaut32
SysFreeString
SysReAllocStringLen
SysAllocStringLen
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopy
VariantClear
VariantInit
mpr
ord62
version
ord11
ord2
ord1
gdi32
comctl32
shell32
ord359
wininet
ord272
ord265
ord264
ord223
winmm
netapi32
ord263
wsock32
WSACleanup
WSAStartup
WSAGetLastError
WSACancelAsyncRequest
WSAAsyncGetServByName
WSAAsyncGetHostByName
WSAAsyncSelect
gethostname
getservbyname
gethostbyname
socket
setsockopt
sendto
send
select
recvfrom
recv
htons
listen
inet_ntoa
inet_addr
ioctlsocket
htons
getsockopt
getsockname
getpeername
connect
closesocket
bind
accept
avicap32
ord2
ord4
msvfw32
ord6
ord5
ord10
urlmon
ord173
ws2_32
gethostname
gethostbyname
WSACleanup
WSAStartup
Sections
CODE Size: - Virtual size: 608KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
DATA Size: - Virtual size: 31KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
BSS Size: - Virtual size: 27KB
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: - Virtual size: 20B
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: - Virtual size: 24B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: - Virtual size: 39KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 11KB - Virtual size: 40KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.mackt Size: - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.vmp0 Size: - Virtual size: 9KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
.vmp1 Size: 374KB - Virtual size: 374KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 76B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ