Static task: static1
Behavioral task: behavioral1
  Sample: 34386aaa61901b9ac601f85bded7ff4d_JaffaCakes118.exe
  Resource: win7-20240704-en
Behavioral task: behavioral2
  Sample: 34386aaa61901b9ac601f85bded7ff4d_JaffaCakes118.exe
  Resource: win10v2004-20240709-en
General
  Target: 34386aaa61901b9ac601f85bded7ff4d_JaffaCakes118
  Size: 188KB
  MD5: 34386aaa61901b9ac601f85bded7ff4d
  SHA1: d168a4ab83fb3a8afdc91a172a4ab4672d8041e7
  SHA256: 12079254c397d006c69f17e6d7a0b301cea7975eaba352ef74d13a0e6996c888
  SHA512: 168ddb32c9a7b89c8a51a31f0234d24729b6cd099459394b750eb85d8baf3746e5bd9f46d0a5235d823d44f2540a9d96b78cb01432a479ccfb893aeb0595a61a
  SSDEEP: 3072:PT5y2KY5emKwy8E5p0g2JjYA9UJyMFcqgyLJbGTwXQoOXH0K6obAWVB:rI2KY5DKwvup0g26A9UJf7gyt+wE5xA0
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 34386aaa61901b9ac601f85bded7ff4d_JaffaCakes118
Files
34386aaa61901b9ac601f85bded7ff4d_JaffaCakes118.exe windows:4 windows x86 arch:x86
34429113d0e3ea20e79ac09b5bd5a016
Headers
  File Characteristics: IMAGE_FILE_RELOCS_STRIPPED, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LINE_NUMS_STRIPPED, IMAGE_FILE_LOCAL_SYMS_STRIPPED, IMAGE_FILE_32BIT_MACHINE
Imports
  wsock32: bind, listen, accept, WSAStartup, socket, WSACleanup, gethostbyname, inet_addr, ioctlsocket, htons, connect, send, recv, closesocket
  wininet: InternetSetOptionA
  advapi32: DeleteService, OpenSCManagerA, CreateServiceA, ChangeServiceConfig2A, StartServiceA, CloseServiceHandle, OpenServiceA, StartServiceCtrlDispatcherA, RegisterServiceCtrlHandlerA, SetServiceStatus, RegOpenKeyA, RegSetValueExA, RegCloseKey, QueryServiceStatus
  kernel32: GetStringTypeW, IsBadCodePtr, SetStdHandle, GetACP, GetOEMCP, LoadLibraryA, LCMapStringA, LCMapStringW, SetEndOfFile, CompareStringA, CompareStringW, SetEnvironmentVariableA, GetStringTypeA, LeaveCriticalSection, CloseHandle, WriteFile, CreateFileA, ReadFile, WaitForSingleObject, ReleaseMutex, FormatMessageA, GetLastError, GetWindowsDirectoryA, CreateThread, Sleep, GetLocalTime, OutputDebugStringA, FindClose, FindNextFileA, FindFirstFileA, SetEvent, CreateEventA, CreateProcessA, DeleteFileA, GetTempPathA, GetTickCount, TerminateThread, SetFileAttributesA, GetVersionExA, CopyFileA, Process32Next, Process32First, CreateToolhelp32Snapshot, GetModuleFileNameA, GetEnvironmentVariableA, CreateMutexA, EnterCriticalSection, InitializeCriticalSection, InterlockedExchange, DeleteCriticalSection, CreateDirectoryA, InterlockedDecrement, InterlockedIncrement, MultiByteToWideChar, RtlUnwind, GetTimeZoneInformation, GetSystemTime, HeapFree, HeapAlloc, ExitProcess, TerminateProcess, GetCurrentProcess, GetModuleHandleA, GetStartupInfoA, GetCommandLineA, GetVersion, RaiseException, GetCurrentThreadId, TlsSetValue, TlsAlloc, SetLastError, TlsGetValue, HeapReAlloc, HeapSize, GetProcAddress, HeapDestroy, HeapCreate, VirtualFree, VirtualAlloc, IsBadWritePtr, UnhandledExceptionFilter, FreeEnvironmentStringsA, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStrings, GetEnvironmentStringsW, SetHandleCount, GetStdHandle, GetFileType, SetFilePointer, FlushFileBuffers, SetUnhandledExceptionFilter, GetCPInfo, IsBadReadPtr
Sections
  .text Size: 124KB - Virtual size: 123KB
    IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
  .rdata Size: 12KB - Virtual size: 10KB
    IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
  .data Size: 48KB - Virtual size: 72KB
    IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE