342dff26ac55db2567dec55dd0dce4a0_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

342dff26ac55db2567dec55dd0dce4a0_JaffaCakes118
Size

435KB
MD5

342dff26ac55db2567dec55dd0dce4a0
SHA1

9f8c3aff3faea1d785b4515e98f9e217f0375b58
SHA256

4ee0463a1369b97f29ba4a65d1dff0a4f804c551ad768fae916051b821dae9fb
SHA512

0dfd8723d5eced38f44cd8a88a7dc866c80b3f440f3c7d60ee1ca092f77bae12069e496e7776e023331802b02a9794898482ba4c676e75871516908b198bc54b
SSDEEP

12288:JLgI37qsC/rHyq6ADx09nJenVjP1/y9TTl5D7RIF5TQwRh6:Jb37qsC/jyq6c3mTl5Dmgw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
342dff26ac55db2567dec55dd0dce4a0_JaffaCakes118

Files

342dff26ac55db2567dec55dd0dce4a0_JaffaCakes118
.exe windows:4 windows x86 arch:x86

e7013d6ea11639fd4c5c81ab4f8e3fcd

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

RtlInitUnicodeStringEx
RtlUnwind
_wcsicmp
_chkstk
RtlUnicodeStringToAnsiString
RtlUnicodeToMultiByteSize
NtAllocateVirtualMemory
memmove
NtQueryVirtualMemory
RtlAnsiStringToUnicodeString
RtlIsNameLegalDOS8Dot3
wcslen

dnsapi

DnsReplaceRecordSetW

comctl32

FlatSB_GetScrollRange

mswsock

GetAcceptExSockaddrs
AcceptEx

rpcrt4

RpcBindingFromStringBindingW
RpcEpResolveBinding
RpcBindingFree
RpcStringFreeW
NdrClientCall2
RpcStringBindingComposeW
I_RpcExceptionFilter
RpcBindingSetAuthInfoExW

gdi32

GetTextExtentPointW
CreateCompatibleBitmap
SetViewportExtEx
GetCharWidth32W
SelectObject
CreateSolidBrush
TextOutW
GetDeviceCaps
TranslateCharsetInfo
EnumFontFamiliesExW

kernel32

GetTickCount
lstrlenA
InterlockedExchange
DelayLoadFailureHook
GetShortPathNameW
WaitForSingleObject
GetProcAddress
GetVersionExA
UnhandledExceptionFilter
FreeLibraryAndExitThread
GetModuleHandleA
GetCurrentProcessId
WideCharToMultiByte
GetLastError
GetDriveTypeW
SetUnhandledExceptionFilter
TlsSetValue
GetFullPathNameW
InitializeCriticalSectionAndSpinCount
FindFirstFileW
GlobalLock
QueryPerformanceCounter
InterlockedDecrement
ExpandEnvironmentStringsW
FindResourceW
LoadLibraryW
InterlockedIncrement
GetCurrentThreadId
TerminateProcess
lstrcmpW
GetProcessVersion
lstrcmpiW
CreateEventW
FindNextFileW
TlsAlloc
GetSystemDefaultUILanguage
SetCurrentDirectoryW
FreeLibrary
GetCurrentProcess
lstrlenW
FormatMessageW
ResetEvent
TlsFree
LockResource
LocalAlloc
LocalSize
SetEvent
TlsGetValue
GetModuleFileNameW
FindResourceA
DeleteFileW
GetSystemTimeAsFileTime
lstrcpyA
DeleteCriticalSection
LeaveCriticalSection
LoadResource
MultiByteToWideChar
GetVolumeInformationW
FreeResource
lstrcpyW
CloseHandle
LocalFree
GetProfileStringW
GlobalUnlock
GetLocaleInfoW
DisableThreadLibraryCalls
SetErrorMode
GetUserDefaultLCID
LoadLibraryA
GlobalFree
CreateFileW
CreateThread
GetCurrentDirectoryW
GetTempFileNameW
SizeofResource
lstrcpynW
FindClose
GetACP
SetLastError
GetFileAttributesW
FindResourceExW
EnterCriticalSection
GetModuleHandleW
LocalReAlloc
InterlockedCompareExchange
GlobalAlloc
MulDiv
GlobalReAlloc

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 80KB - Virtual size: 920KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 323KB - Virtual size: 323KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e7013d6ea11639fd4c5c81ab4f8e3fcd

Headers

File Characteristics

Imports

ntdll

dnsapi

comctl32

mswsock

rpcrt4

gdi32

kernel32

Sections

.text Size: 25KB - Virtual size: 25KB

.data Size: 80KB - Virtual size: 920KB

.rdata Size: 4KB - Virtual size: 4KB

.rsrc Size: 323KB - Virtual size: 323KB

.text
Size: 25KB - Virtual size: 25KB

.data
Size: 80KB - Virtual size: 920KB

.rdata
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 323KB - Virtual size: 323KB