29d1c01a525482a2ecfb491e0daa32e8_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

29d1c01a525482a2ecfb491e0daa32e8_JaffaCakes118
Size

104KB
MD5

29d1c01a525482a2ecfb491e0daa32e8
SHA1

f6083801466cb8393d7d46bed3034fab8ebd71f1
SHA256

91f3833e6ed78d0e95e87a09d408933378b97cb7ed11e40d3d7b228b494bd3c9
SHA512

189ee94dca88473080434e1c29318a30947044627e55bcb9834fb36aec15807a35c2617889d9229f23a01a1929a5f9a121739639446016c227ff3ffb3970230f
SSDEEP

3072:kHg0rLwHHr0CQ68M0w4EzRYIeThtono7uhf:Oj0ACsjm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
29d1c01a525482a2ecfb491e0daa32e8_JaffaCakes118

Files

29d1c01a525482a2ecfb491e0daa32e8_JaffaCakes118
.exe windows:4 windows x86 arch:x86

92f02eea4b8ce335b798ac4424aed9eb

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

ntohs
inet_ntoa
ioctlsocket
bind
listen
accept
WSAGetLastError
setsockopt
sendto
inet_addr
socket
htons
connect
closesocket
htonl
send
select
__WSAFDIsSet
WSAStartup
recv
getsockname
gethostbyaddr
gethostbyname

shell32

ShellExecuteA

advapi32

SetServiceStatus
DeleteService
GetUserNameA
StartServiceCtrlDispatcherA
OpenSCManagerA
OpenServiceA
CreateServiceA
StartServiceA
RegisterServiceCtrlHandlerA

wininet

InternetReadFile
InternetCloseHandle
InternetOpenUrlA
InternetOpenA

kernel32

IsBadReadPtr
SetUnhandledExceptionFilter
MultiByteToWideChar
GetLastError
GetFileType
GetStdHandle
SetHandleCount
IsBadCodePtr
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetOEMCP
GetACP
GetCPInfo
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
LoadLibraryA
SetStdHandle
FlushFileBuffers
GetEnvironmentStringsW
ExitThread
HeapSize
GetProcAddress
RaiseException
IsBadWritePtr
HeapReAlloc
GetSystemDirectoryA
SetErrorMode
Sleep
GetComputerNameA
GetTickCount
GetVersionExA
GlobalMemoryStatus
SetFileAttributesA
CopyFileA
GetModuleFileNameA
GetModuleHandleA
CloseHandle
Process32Next
Process32First
CreateToolhelp32Snapshot
WriteFile
CreateFileA
GetTempPathA
ReadFile
SetFilePointer
GetFileSize
CreateThread
GetFileAttributesA
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
FindNextFileA
FindFirstFileA
GetTimeFormatA
GetDateFormatA
DeleteFileA
TerminateProcess
OpenProcess
TerminateThread
HeapAlloc
ExitProcess
GetCurrentProcess
HeapFree
RtlUnwind
GetStartupInfoA
GetCommandLineA
GetVersion
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc

Sections

.text
Size: 76KB - Virtual size: 74KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

92f02eea4b8ce335b798ac4424aed9eb

Headers

File Characteristics

Imports

ws2_32

shell32

advapi32

wininet

kernel32

Sections

.text Size: 76KB - Virtual size: 74KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 12KB - Virtual size: 117KB

.text
Size: 76KB - Virtual size: 74KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 12KB - Virtual size: 117KB