36f684f7e327a0103f587b6a40d21119_JaffaCakes118

General

Target

36f684f7e327a0103f587b6a40d21119_JaffaCakes118
Size

60KB
MD5

36f684f7e327a0103f587b6a40d21119
SHA1

c5f711474426bdd51466d2906fe23e2afc0cc002
SHA256

21e6c5042c2aa07275097fc3f5214d30fa092b5232e2faab6dd574cce18f9345
SHA512

eb2e844c41668498b31eb0498d077c2bb7204af6b46eab65176f2074a4f3e81a8c962532fd84636ca642eb992f0bfb50389a2d831f02ffec601320be9c7af074
SSDEEP

1536:Mn2ttFDu7RKCNyBTfRCzPG9+K9wRBGEVwpt:M64RjIb9UBG88t

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
36f684f7e327a0103f587b6a40d21119_JaffaCakes118

Files

36f684f7e327a0103f587b6a40d21119_JaffaCakes118
.exe windows:4 windows x86 arch:x86

ba1674d8fbf106bdde450ed709122f72

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentThreadId
InitializeCriticalSection
WaitForSingleObject
LeaveCriticalSection
EnterCriticalSection
SetEnvironmentVariableA
CompareStringW
Sleep
SetEvent
CreateEventA
CloseHandle
GetFileAttributesA
GetModuleHandleA
GetModuleFileNameA
DeleteCriticalSection
lstrcpyA
CompareStringA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
MultiByteToWideChar
SetEndOfFile
LoadLibraryA
GetProcAddress
GetOEMCP
GetACP
GetCPInfo
InterlockedIncrement
InterlockedDecrement
CreateFileA
SetFilePointer
FlushFileBuffers
SetStdHandle
GetLastError
CreateThread
TlsSetValue
TlsGetValue
ExitThread
HeapAlloc
HeapFree
GetTimeZoneInformation
GetSystemTime
GetLocalTime
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
WriteFile
ReadFile
TlsAlloc
SetLastError
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
RtlUnwind
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType

advapi32

RegisterServiceCtrlHandlerA
OpenSCManagerA
OpenServiceA
CreateServiceA
StartServiceA
CloseServiceHandle
StartServiceCtrlDispatcherA
SetServiceStatus

ws2_32

WSACleanup
WSAStartup
htonl
gethostname
setsockopt
send
sendto
recv
socket
htons
inet_addr
connect
select
closesocket
gethostbyname

wininet

InternetCrackUrlA

Sections

.text
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ba1674d8fbf106bdde450ed709122f72

Headers

File Characteristics

Imports

kernel32

advapi32

ws2_32

wininet

Sections

.text Size: 40KB - Virtual size: 36KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 12KB - Virtual size: 17KB

.text
Size: 40KB - Virtual size: 36KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 12KB - Virtual size: 17KB