235ac05d2171d7b097015d64bddb69e9_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

235ac05d2171d7b097015d64bddb69e9_JaffaCakes118
Size

268KB
MD5

235ac05d2171d7b097015d64bddb69e9
SHA1

5878cd47fad0196ac4a1bb32d81abee584f6cc6d
SHA256

2e0b6ac65df0c6ef08f33d0943f691083b8b1f13520e04a3988c33940ceea4da
SHA512

94c53f24da8d919d3c3526068b6c5194f424cede19ae72e521800ff1d57f64f3c1dab594e2a57e11fa1aa6952442f2df5d61ddb99d0f49967746882efd5c737d
SSDEEP

6144:Rpel5Vo9NeA9Bj44IEyFBInpCV62ayxr5ORdTE1dUI+W+q:RpgoHJ9Bj3zg61yd5wbI+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
235ac05d2171d7b097015d64bddb69e9_JaffaCakes118

Files

235ac05d2171d7b097015d64bddb69e9_JaffaCakes118
.dll windows:4 windows x86 arch:x86

ab07a736a831ced515c178730ab51582

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVolumeInformationA
GetComputerNameA
TerminateProcess
OutputDebugStringA
GetLastError
DeleteFileA
FreeResource
LockResource
SizeofResource
LoadResource
FindResourceExA
OpenFile
WaitForSingleObject
CreateThread
GetLocalTime
GetModuleFileNameA
FindNextFileA
FindFirstFileA
CreateMutexA
SetEnvironmentVariableA
CompareStringW
CompareStringA
LCMapStringW
LCMapStringA
SetEndOfFile
CreateProcessA
Sleep
FindClose
LoadLibraryA
GetOEMCP
GetACP
GetCPInfo
GetStringTypeW
GetStringTypeA
MultiByteToWideChar
CreateFileA
FlushFileBuffers
SetStdHandle
InterlockedIncrement
InterlockedDecrement
SetFilePointer
GetEnvironmentStringsW
GetEnvironmentStrings
HeapFree
HeapAlloc
HeapReAlloc
GetTimeZoneInformation
GetSystemTime
GetFileAttributesA
GetCommandLineA
GetVersion
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
RtlUnwind
CloseHandle
WriteFile
ReadFile
WideCharToMultiByte
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetProcAddress
GetCurrentProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW

user32

SendMessageA
GetWindowThreadProcessId
GetClassNameA
GetParent
CloseDesktop
SetForegroundWindow
EnumDesktopWindows
PostMessageA
CreateDesktopA
OpenDesktopA
EnumChildWindows

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey

shell32

SHGetSpecialFolderPathA

ws2_32

WSACleanup
gethostbyname
WSAStartup
connect
setsockopt
socket
htons
send
recv
closesocket
shutdown
inet_addr
WSAGetLastError

Exports

Exports

IsSound
Run_360try

Sections

.text
Size: 60KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 172KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ab07a736a831ced515c178730ab51582

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ws2_32

Exports

Exports

Sections

.text Size: 60KB - Virtual size: 58KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 16KB - Virtual size: 19KB

.rsrc Size: 172KB - Virtual size: 168KB

.reloc Size: 8KB - Virtual size: 5KB

.text
Size: 60KB - Virtual size: 58KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 16KB - Virtual size: 19KB

.rsrc
Size: 172KB - Virtual size: 168KB

.reloc
Size: 8KB - Virtual size: 5KB