1c879cf33e98fa5462dc2a98c4f502f0_JaffaCakes118

General

Target

1c879cf33e98fa5462dc2a98c4f502f0_JaffaCakes118
Size

48KB
MD5

1c879cf33e98fa5462dc2a98c4f502f0
SHA1

6533a0b99ee0b81042fe0dfaee78a745e7ac2f35
SHA256

85f20a247e1bdd63f5e414fe567be4c0b85445e1c7f934a4f8468cfdbc65dc4f
SHA512

493f41d72b8c928de7526463dd7ad6cde380ca4b631350fb9caa508406a45dfca384b2ab1d3af7c33caff45ff7763dcde38f6af63bbf3f48fd5ccaf1a39f62e8
SSDEEP

768:v+Nth90ODN5mMz/f0e77d1LjYzhCwQabqPHjOjyb0Bb9kwMQ0/rOOO:v+XNmMzke7d1LjYzhCwQdPjXV20

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1c879cf33e98fa5462dc2a98c4f502f0_JaffaCakes118

Files

1c879cf33e98fa5462dc2a98c4f502f0_JaffaCakes118
.exe windows:4 windows x86 arch:x86

fd28a53f5a8067045261b1a95a8ba3a9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

InternetReadFile
InternetOpenUrlA
InternetOpenA
InternetCloseHandle

urlmon

URLDownloadToFileA

ws2_32

listen
accept
getpeername
bind
getsockname
setsockopt
ntohs
socket
WSACleanup
sendto
htons
connect
send
recv
closesocket
WSAStartup
gethostbyname
WSAGetLastError
inet_ntoa
select
recvfrom
__WSAFDIsSet
inet_addr

user32

FindWindowA

kernel32

LeaveCriticalSection
WaitForSingleObject
CloseHandle
RtlUnwind
FlushFileBuffers
ReadFile
SetStdHandle
LCMapStringW
LCMapStringA
VirtualQuery
GetSystemInfo
VirtualProtect
HeapReAlloc
VirtualAlloc
InitializeCriticalSection
LoadLibraryA
SetFilePointer
GetOEMCP
GetACP
GetLocaleInfoA
HeapAlloc
GetCPInfo
WinExec
CopyFileA
Sleep
OutputDebugStringA
FindFirstFileA
Process32Next
TerminateProcess
OpenProcess
Process32First
CreateToolhelp32Snapshot
CreateThread
WritePrivateProfileStringA
GetPrivateProfileStringA
GetModuleHandleA
GetCommandLineA
GetVersionExA
TlsFree
SetLastError
GetCurrentThreadId
TlsSetValue
TlsGetValue
GetLastError
TlsAlloc
EnterCriticalSection
ExitProcess
GetProcAddress
WriteFile
GetStdHandle
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
HeapDestroy
HeapCreate
VirtualFree
HeapFree
GetStringTypeA
MultiByteToWideChar
GetStringTypeW

Sections

.text
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

fd28a53f5a8067045261b1a95a8ba3a9

Headers

File Characteristics

Imports

wininet

urlmon

ws2_32

user32

kernel32

Sections

.text Size: 32KB - Virtual size: 31KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 4KB - Virtual size: 11KB

.text
Size: 32KB - Virtual size: 31KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 4KB - Virtual size: 11KB