32a8ee17ba855dd7991a1f0ba6e82863_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

32a8ee17ba855dd7991a1f0ba6e82863_JaffaCakes118
Size

244KB
MD5

32a8ee17ba855dd7991a1f0ba6e82863
SHA1

add5f4188b13f6b9449403280727e79df3e94544
SHA256

63627cc5c11d3bba8605ea8bd99490bf1576f9b1df824e1c71f84ab36d768034
SHA512

a998605d4c6b115344749d03f9d923a0d59072c80ecb100e45c322c47e3f5b3f8a392e1e97a0a82a2817195f7a8aa5b6cd9fce3f20f5d83438f4c1a0350c951b
SSDEEP

3072:zWEEbuENMKdTMeHTXvZsZw92Tp3OJ99VpBJ1YtTitlYja0a:GacGZE2tMnVprCW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
32a8ee17ba855dd7991a1f0ba6e82863_JaffaCakes118

Files

32a8ee17ba855dd7991a1f0ba6e82863_JaffaCakes118
.exe windows:4 windows x86 arch:x86

d2e434e1eac6ba1740a405e4d814f89b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

getprotobynumber
socket
setsockopt
WSAWaitForMultipleEvents
WSAEnumNetworkEvents

userenv

LeaveCriticalPolicySection
DestroyEnvironmentBlock
ExpandEnvironmentStringsForUserA
CreateEnvironmentBlock

winmm

waveInClose
timeBeginPeriod
waveInAddBuffer
waveInStart
waveInOpen
waveInStop
timeEndPeriod

mpr

WNetAddConnection2A
WNetGetUniversalNameA
WNetGetUserA

netapi32

NetWkstaSetInfo
NetApiBufferFree
NetGetAnyDCName
NetUserGetInfo

comdlg32

ChooseFontA
CommDlgExtendedError
GetSaveFileNameA
GetOpenFileNameA
ReplaceTextA

comctl32

ImageList_DragEnter
ImageList_DragMove
ImageList_DragShowNolock
ImageList_ReplaceIcon

kernel32

MultiByteToWideChar
SetEndOfFile
LoadLibraryA
GetProcAddress
GetOEMCP
GetACP
GetCPInfo
FlushFileBuffers
SetStdHandle
IsBadWritePtr
HeapReAlloc
VirtualAlloc
HeapAlloc
WriteFile
LCMapStringA
VirtualFree
HeapCreate
HeapDestroy
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetModuleFileNameA
UnhandledExceptionFilter
SetFilePointer
LCMapStringW
GetStringTypeA
GetStringTypeW
RtlUnwind
lstrlenA
SetSystemPowerState
GetLocalTime
CreateFileA
GetProfileStringW
VirtualProtect
GetComputerNameA
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
HeapFree
GetLastError
CloseHandle
ReadFile
TerminateProcess
GetCurrentProcess

Sections

.text
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 108KB - Virtual size: 707KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d2e434e1eac6ba1740a405e4d814f89b

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

userenv

winmm

mpr

netapi32

comdlg32

comctl32

kernel32

Sections

.text Size: 40KB - Virtual size: 37KB

.rdata Size: 64KB - Virtual size: 63KB

.data Size: 108KB - Virtual size: 707KB

.idata Size: 4KB - Virtual size: 3KB

.rsrc Size: 16KB - Virtual size: 15KB

.reloc Size: 8KB - Virtual size: 4KB

.text
Size: 40KB - Virtual size: 37KB

.rdata
Size: 64KB - Virtual size: 63KB

.data
Size: 108KB - Virtual size: 707KB

.idata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 16KB - Virtual size: 15KB

.reloc
Size: 8KB - Virtual size: 4KB