2be66bab657264dfedfa403334681d81_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2be66bab657264dfedfa403334681d81_JaffaCakes118
Size

59KB
MD5

2be66bab657264dfedfa403334681d81
SHA1

1b53dc4596a009a2d53f3077b9d1e5b4afb7ecf0
SHA256

8a914952d6a37f6b2406e2ccc8f601f3cb0becb8b02161cc43ab72fde7530884
SHA512

f1d39087f535789c9a855d31b8b210a079b18d52f6f15bddda6c54e96971ce8b45356df57d9d1a3e80cb12cac2270dbf67384790ba0b70eb0093a536906bf7f1
SSDEEP

1536:qufhFfU1xib5y+/UFDGHOL6KSfEzv7ZR+94x:quf81K//UF6H86KSfyjZRk4x

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2be66bab657264dfedfa403334681d81_JaffaCakes118

Files

2be66bab657264dfedfa403334681d81_JaffaCakes118
.exe windows:4 windows x86 arch:x86

d3ab614c4cdd2ca1c238bd78c21816f4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCloseKey
RegEnumKeyExA
RegQueryValueExA
RegQueryInfoKeyA
RegOpenKeyExA
RegSetValueExA

shlwapi

StrStrIA
wnsprintfA
StrStrA

ws2_32

send
recv
connect
setsockopt
WSAStartup
socket
getsockname
sendto
recvfrom
htons
WSAGetLastError
WSASetLastError
closesocket
inet_addr
getsockopt
inet_ntoa
gethostbyname
htonl

kernel32

RtlUnwind
InterlockedExchange
MultiByteToWideChar
GlobalAlloc
GlobalFree
lstrcmpW
GetSystemTime
GetEnvironmentVariableA
CreateProcessA
VirtualAllocEx
WriteProcessMemory
CreateRemoteThread
CreateFileA
DeviceIoControl
GetLastError
GetCommandLineA
GetVersion
MapViewOfFile
CreateFileMappingA
CreateThread
GetCurrentThreadId
CreateMutexA
CloseHandle
OpenMutexA
Sleep
ExitProcess
ExitThread
TerminateThread
OpenThread
lstrcmpA
lstrlenW
IsBadReadPtr
lstrcmpiA
HeapCreate
HeapAlloc
HeapReAlloc
HeapFree
IsBadWritePtr
GetTickCount
WaitForSingleObject
ReleaseMutex
SystemTimeToFileTime
GetTimeZoneInformation
VirtualQuery

user32

wsprintfA
GetDC
CharLowerA

dnsapi

DnsQuery_A
DnsExtractRecordsFromMessage_W
DnsRecordListFree

gdiplus

GdipDeleteGraphics
GdipGetFontCollectionFamilyCount
GdipNewPrivateFontCollection
GdipPrivateAddMemoryFont
GdipDeleteFont
GdipDeletePen
GdipLoadImageFromStreamICM
GdipDisposeImage
GdipSaveImageToStream
GdipGetImageWidth
GdipGetImageHeight
GdipCreateBitmapFromScan0
GdipGetImageEncodersSize
GdipGetImageEncoders
GdiplusStartup
GdiplusShutdown
GdipCreateSolidFill
GdipGetImageGraphicsContext
GdipGetDC
GdipReleaseDC
GdipDrawLineI
GdipFillRectangleI
GdipDrawString
GdipDrawImageI
GdipCloneFontFamily
GdipGetFontCollectionFamilyList
GdipDeletePrivateFontCollection
GdipCreateFont
GdipCloneBitmapAreaI
GdipCloneBrush
GdipCloneImage
GdipCreatePen1
GdipDeleteBrush
GdipFree
GdipAlloc
GdipLoadImageFromStream

gdi32

GetTextExtentPoint32A

ole32

CreateStreamOnHGlobal

Sections

.text
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 21.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d3ab614c4cdd2ca1c238bd78c21816f4

Headers

File Characteristics

Imports

advapi32

shlwapi

ws2_32

kernel32

user32

dnsapi

gdiplus

gdi32

ole32

Sections

.text Size: 56KB - Virtual size: 56KB

.data Size: 2KB - Virtual size: 21.7MB

.text
Size: 56KB - Virtual size: 56KB

.data
Size: 2KB - Virtual size: 21.7MB