37b268b858dfebfb3f3bbd0e735fa14f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

37b268b858dfebfb3f3bbd0e735fa14f_JaffaCakes118
Size

432KB
MD5

37b268b858dfebfb3f3bbd0e735fa14f
SHA1

f9ea2c05b4468ca15e7f5da60b53c5fb9267b432
SHA256

cce448a6d31d3453f378f3e7ccf34d32625bc2c8b9eee58b3c94a74642133665
SHA512

9563cb290f707c40021d9ccae4b3757aefc5b08a049a8dd86d14730c03c1e923257066dc490f15443629514dd5d490164fd6586df7ea0bb137d3cf2829166a67
SSDEEP

6144:Mx5xo9RlJ6TbnvSCllj1B97NFid3cXzfnlEV0nAKY5o/gewDqF/XjRBJYC55lf:Mx5xo9h6T2oLxNFC3cDfn6ynHdg0FF3f

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
37b268b858dfebfb3f3bbd0e735fa14f_JaffaCakes118

Files

37b268b858dfebfb3f3bbd0e735fa14f_JaffaCakes118
.exe windows:4 windows x86 arch:x86

0a5e73ec85c163442fa2319e888dce32

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CoInitializeEx
CoTaskMemFree
CoUninitialize
CoCreateInstance

mswsock

AcceptEx
GetAcceptExSockaddrs

ntdll

_wcsicmp
_chkstk
RtlUnicodeStringToAnsiString
RtlIsNameLegalDOS8Dot3
RtlUnicodeToMultiByteSize
RtlAnsiStringToUnicodeString
NtQueryVirtualMemory
NtAllocateVirtualMemory
RtlInitUnicodeStringEx
strlen
memmove
wcslen

kernel32

GetFullPathNameW
TerminateProcess
GlobalReAlloc
LocalReAlloc
TlsSetValue
CreateFileW
TlsFree
LoadLibraryW
GlobalFree
SetCurrentDirectoryW
lstrcpyA
GetModuleHandleW
GetCurrentDirectoryW
GetLocaleInfoW
GetCurrentThreadId
GetACP
DisableThreadLibraryCalls
SetUnhandledExceptionFilter
GetUserDefaultLCID
LockResource
lstrcpynW
ResetEvent
FindResourceExW
MulDiv
SetEvent
GetSystemDefaultUILanguage
GlobalLock
GetLastError
EnterCriticalSection
GetVersionExA
FindResourceW
CloseHandle
SetLastError
GetModuleHandleA
GetTempFileNameW
DeleteFileW
FreeResource
GetProcessVersion
DelayLoadFailureHook
LocalFree
GetVolumeInformationW
FindClose
FindNextFileW
GlobalAlloc
InterlockedDecrement
MultiByteToWideChar
lstrlenW
InterlockedIncrement
LeaveCriticalSection
InterlockedExchange
GetFileAttributesW
GetCurrentProcess
FreeLibrary
lstrcmpiW
GetModuleFileNameW
CreateThread
TlsGetValue
LoadResource
GetDriveTypeW
TlsAlloc
lstrcpyW
FindFirstFileW
SetErrorMode
GetProcAddress
GetProfileStringW
LocalSize
SizeofResource
lstrlenA
FindResourceA
FormatMessageW
WaitForSingleObject
GetShortPathNameW
GetSystemTimeAsFileTime
CreateEventW
GetTickCount
FreeLibraryAndExitThread
QueryPerformanceCounter
DeleteCriticalSection
ExpandEnvironmentStringsW
GetCurrentProcessId
LocalAlloc
InterlockedCompareExchange
UnhandledExceptionFilter
GlobalUnlock
InitializeCriticalSectionAndSpinCount
lstrcmpW
LoadLibraryA
WideCharToMultiByte

userenv

RsopSetPolicySettingStatus

dnsapi

DnsReplaceRecordSetW

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 122KB - Virtual size: 920KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 240KB - Virtual size: 240KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0a5e73ec85c163442fa2319e888dce32

Headers

File Characteristics

Imports

ole32

mswsock

ntdll

kernel32

userenv

dnsapi

Sections

.text Size: 12KB - Virtual size: 12KB

.data Size: 122KB - Virtual size: 920KB

.rdata Size: 240KB - Virtual size: 240KB

.rsrc Size: 56KB - Virtual size: 56KB

.text
Size: 12KB - Virtual size: 12KB

.data
Size: 122KB - Virtual size: 920KB

.rdata
Size: 240KB - Virtual size: 240KB

.rsrc
Size: 56KB - Virtual size: 56KB