3ad24e87572c059091d0a2a35b0bf40e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3ad24e87572c059091d0a2a35b0bf40e_JaffaCakes118
Size

512KB
MD5

3ad24e87572c059091d0a2a35b0bf40e
SHA1

c7f927fdb2ef7da6d82eb9ae5cb2909d6be99b3a
SHA256

2d229a1c47d7134768fb5237e5659e903a032e8d60b233caadee987677821c4e
SHA512

2ab9548de096d336170ce33d1f124d9e90313df81791f733a38a8dcf1e78601f1f990af60c134467971e5df69dbb4e77623663ee126b685dc2dd870bd6874d95
SSDEEP

1536:Upu1sZPC9qauv2OPR72eJOvlfNqHInbVbzLJ1HAPCleDD8s95wuXyLMKldIgVvh4:F1sJstujweO4HEbVLgMc5wuKM+3hO5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3ad24e87572c059091d0a2a35b0bf40e_JaffaCakes118

Files

3ad24e87572c059091d0a2a35b0bf40e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

21406045f0a43f3cb90c459ace55f43b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

dnsapi

DnsQuery_A
DnsRecordListFree

UnlockFile
LockFile
CloseHandle
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
CreateFileA
GetCurrentProcess
DuplicateHandle
lstrcpynA
lstrcpyA
lstrcatA
SetErrorMode
GlobalLock
GlobalAlloc
GlobalDeleteAtom
lstrcmpA
lstrcmpiA
GetCurrentThread
GetCurrentThreadId
MultiByteToWideChar
WideCharToMultiByte
lstrlenA
InterlockedDecrement
InterlockedIncrement
FreeLibrary
GetSystemTime
GetCommandLineA
GetModuleFileNameA
CreateProcessA
FormatMessageA
LocalAlloc
LocalFree
GetTickCount
SetLastError
GetTimeZoneInformation
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
OpenEventA
GetLastError
CreateEventA
WaitForSingleObject
ResetEvent
SetEvent
DeleteFileA
SetCurrentDirectoryA
CreateThread
ExitProcess
GetWindowsDirectoryA
Sleep
ord17
ord101
ord12
ord17
ord20
ord111
ord115
ord18
ord8
ord16
ord19
ord4
ord9
ord112
ord23
ord52
ord11
ord57
ord10
ord51
ord2
ord1
ord3
ord116

Sections

.text
Size: - Virtual size: 144KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pklstb
Size: 108KB - Virtual size: 124KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.relo2
Size: 4KB - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

21406045f0a43f3cb90c459ace55f43b

Headers

File Characteristics

Imports

dnsapi

Sections

.text Size: - Virtual size: 144KB

.rdata Size: 32KB - Virtual size: 31KB

.data Size: - Virtual size: 75KB

.rsrc Size: 4KB - Virtual size: 2KB

.pklstb Size: 108KB - Virtual size: 124KB

.relo2 Size: 4KB - Virtual size: 60B

.text
Size: - Virtual size: 144KB

.rdata
Size: 32KB - Virtual size: 31KB

.data
Size: - Virtual size: 75KB

.rsrc
Size: 4KB - Virtual size: 2KB

.pklstb
Size: 108KB - Virtual size: 124KB

.relo2
Size: 4KB - Virtual size: 60B