2861f98980c07d1c50c04e51c8f8c1f2_JaffaCakes118

General

Target

2861f98980c07d1c50c04e51c8f8c1f2_JaffaCakes118
Size

240KB
MD5

2861f98980c07d1c50c04e51c8f8c1f2
SHA1

8e9707be4f9de85175ea1d4a11eec92b2e6b132f
SHA256

40ea499d6d04221269c82117d2b50fe1400e318bd3e7d43d7ca8aec0e335eb63
SHA512

2e645eeccca306058475cc1f0b048f96c631f9ffda5c1da69f32fcdd02f5243ae51b257b6b3803ca5bfe9789310b82c0100433ed746ce338c502ff29a9f705d3
SSDEEP

3072:YweiJxO4wT4XsaJkjP2UpSuDJB0mZCHMx1n35MLmhey+HPLqUL/oFxSFYuM68igx:YexO4IjOapKMWqhyHPLLbf6uM68L

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2861f98980c07d1c50c04e51c8f8c1f2_JaffaCakes118

Files

2861f98980c07d1c50c04e51c8f8c1f2_JaffaCakes118
.exe windows:4 windows x86 arch:x86

8c9de019697fa074a81b066cde440545

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

WSACleanup
ntohs
WSAStartup
htons
gethostbyaddr
ntohl
htonl
getprotobyname
getservbyname
WSAGetLastError
gethostbyname
gethostname

packet

PacketOpenAdapter
PacketAllocatePacket
PacketGetNetType
PacketSetBpf
PacketSetHwFilter
PacketInitPacket
PacketSetReadTimeout
PacketReceivePacket
PacketSetBuff
PacketCloseAdapter
PacketGetAdapterNames

kernel32

FileTimeToLocalFileTime
SetHandleCount
SetStdHandle
CreateFileA
GetLastError
GetOEMCP
GetACP
GetCurrentDirectoryA
GetFullPathNameA
DeleteFileA
GetCurrentProcessId
PeekNamedPipe
GetDriveTypeA
FlushFileBuffers
FindFirstFileA
SetEndOfFile
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetVersion
InterlockedExchange
GetFileInformationByHandle
Sleep
UnmapViewOfFile
CloseHandle
MapViewOfFile
CreateFileMappingA
OpenFileMappingA
GetSystemInfo
ExitProcess
TerminateProcess
GetCurrentProcess
HeapAlloc
GetTimeZoneInformation
GetSystemTime
GetLocalTime
HeapFree
HeapReAlloc
GetCommandLineA
GetSystemTimeAsFileTime
GetStringTypeW
LoadLibraryA
GetFileType
SetFilePointer
HeapDestroy
HeapCreate
FindClose
FileTimeToSystemTime
VirtualAlloc
VirtualFree
GetStdHandle
GetStartupInfoA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetModuleFileNameA
WriteFile
FreeEnvironmentStringsA
FreeEnvironmentStringsW
ReadFile
GetCPInfo
UnhandledExceptionFilter
GetEnvironmentStringsW
GetEnvironmentStrings
GetModuleHandleA
RtlUnwind
GetProcAddress

Sections

.text
Size: 200KB - Virtual size: 198KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

8c9de019697fa074a81b066cde440545

Headers

File Characteristics

Imports

ws2_32

packet

kernel32

Sections

.text Size: 200KB - Virtual size: 198KB

.rdata Size: 16KB - Virtual size: 13KB

.data Size: 20KB - Virtual size: 38KB

.text
Size: 200KB - Virtual size: 198KB

.rdata
Size: 16KB - Virtual size: 13KB

.data
Size: 20KB - Virtual size: 38KB