365085abe99724d281620a54b77d2611_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

365085abe99724d281620a54b77d2611_JaffaCakes118
Size

3.7MB
MD5

365085abe99724d281620a54b77d2611
SHA1

9767c444f1c822995de1f421162c609b482f5227
SHA256

8e057f177b5b9954fad71a3ed8d5b7e64bc50efe8318d4143930d210c40013d9
SHA512

b225000a83549d778aae43a6ce97fa89aef3ce843b920176c26684f93abb92a85f59184ebd96a475e3186490ace12936f359efa82f1f60f2496a616311e6ca77
SSDEEP

49152:9hnlo/RVR+cdhHi/gBKOgf1GKbTsWgBEa+hUDyaR08uu9kusIEd46P5WOTZyY+1O:9gJVUwHi0KbTX+mJ4L+a04OTcgr2d6j1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
365085abe99724d281620a54b77d2611_JaffaCakes118

Files

365085abe99724d281620a54b77d2611_JaffaCakes118
.exe windows:4 windows x86 arch:x86

6e185316304ec7b5f29fa1526d619a0d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
GetStartupInfoA
AllocConsole
LoadLibraryExA
RemoveDirectoryW
GetCommConfig
SetVolumeLabelA
GlobalFindAtomW
GetUserDefaultLCID
ReleaseMutex
PeekNamedPipe
GetModuleFileNameW
GetPrivateProfileSectionW
SetEnvironmentVariableW
GetFileAttributesA
VirtualQuery
DeleteFiber

version

VerFindFileA

comdlg32

ChooseColorW
PrintDlgA

shell32

SHGetSpecialFolderLocation
DragQueryPoint
DragFinish
SHGetSpecialFolderPathA

user32

CharLowerBuffW
CharUpperW
CharNextExA
GetMonitorInfoW
CreateWindowExA
SetProcessWindowStation
IsIconic
CountClipboardFormats
BroadcastSystemMessageW
DrawIcon
SetMenuItemInfoA
GetFocus
GetProcessDefaultLayout
GrayStringW
CallNextHookEx
MapWindowPoints
EnumDisplaySettingsW
SetWindowPlacement
EnumDesktopsA
GetDC
CreateIcon
GetMenuItemInfoA
GetScrollPos
GetAsyncKeyState
GetThreadDesktop
RegisterClassExW
GetClassInfoA
SetClassLongA

ws2_32

WSAGetServiceClassNameByClassIdW
WSASetServiceW
recv
WSAGetServiceClassInfoW
WSAAsyncGetServByPort
WSASendDisconnect
gethostbyaddr
sendto
WSAConnect

msvcrt

_wgetcwd
tolower
_mbsinc
_sopen
_mbsnextc
_mbscpy
fread
strpbrk
strtok
strcspn
qsort
sscanf
mbtowc
_spawnlp
_snwprintf
ftell
_dup2

Sections

.text
Size: 2KB - Virtual size: 220KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6e185316304ec7b5f29fa1526d619a0d

Headers

File Characteristics

Imports

kernel32

version

comdlg32

shell32

user32

ws2_32

msvcrt

Sections

.text Size: 2KB - Virtual size: 220KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 3.4MB - Virtual size: 3.4MB

.rsrc Size: 19KB - Virtual size: 18KB

.text
Size: 2KB - Virtual size: 220KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 3.4MB - Virtual size: 3.4MB

.rsrc
Size: 19KB - Virtual size: 18KB