3c227b223e28443d43bbf78da1be01a2_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

3c227b223e28443d43bbf78da1be01a2_JaffaCakes118
Size

31KB
MD5

3c227b223e28443d43bbf78da1be01a2
SHA1

13c4647dc81e6e78edc677a9fe3eee80c0bd19b6
SHA256

e175cbc849fb40e79366e7d8c29d2067e6a8488c664586a3345411235e1ddf94
SHA512

e37c4a28443ef98669f3a203739bc516dd6d2c2899aba7a70c5af15b80f94d2b514a26b9ff112ecf8a4577747f761171725ba526f7c957c0cead382b9bd7cae1
SSDEEP

768:8JvhAvTFmwRpXfxP2MrZHpH0CBzM98B9Hd9wiHTO:ShAlpXx2spDM8n9C

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3c227b223e28443d43bbf78da1be01a2_JaffaCakes118

Files

3c227b223e28443d43bbf78da1be01a2_JaffaCakes118
.exe windows:5 windows x86 arch:x86

0033809631d990fd93c5ef648db3cff6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

psapi

GetModuleFileNameExA
EnumProcessModules

ws2_32

WSACleanup
WSAIoctl
connect
htons
inet_addr
setsockopt
bind
socket
accept
ntohs
recv
send
select
closesocket
gethostname
WSAGetLastError
gethostbyname
inet_ntoa
WSAStartup
listen

advapi32

LookupPrivilegeValueA
OpenProcessToken
ControlService
DeleteService
OpenServiceA
RegCloseKey
QueryServiceConfigA
QueryServiceStatus
OpenSCManagerA
EnumServicesStatusA
CloseServiceHandle
OpenEventLogA
ClearEventLogA
CloseEventLog
RegCreateKeyA
RegDeleteValueA
RegSetValueExA
RegOpenKeyA
RegQueryValueExA
AdjustTokenPrivileges

kernel32

Module32First
Sleep
PeekNamedPipe
WriteFile
DisconnectNamedPipe
WaitForMultipleObjects
TerminateThread
CreateThread
GetDiskFreeSpaceExA
GetVolumeInformationA
GetDriveTypeA
GetSystemDefaultLangID
GetTickCount
GlobalMemoryStatus
WaitForSingleObject
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ReadFile
CloseHandle
GetLastError
GetCurrentProcess
GetVersionExA
HeapFree
HeapAlloc
GetProcessHeap
FileTimeToSystemTime
FileTimeToLocalFileTime
VirtualQueryEx
ReadProcessMemory
GetSystemInfo
OpenProcess
CreateProcessA
GetSystemDirectoryA
GetStartupInfoA
CreatePipe
ExitThread
Module32Next
WinExec
GetEnvironmentVariableW
FreeLibrary
GetProcAddress
LoadLibraryA
Process32Next
Process32First
CreateToolhelp32Snapshot
TerminateProcess

user32

ExitWindowsEx

gdi32

CreateDCA
GetDeviceCaps
DeleteDC

urlmon

URLDownloadToFileA

msvcr90

strncmp
_local_unwind4
_strupr
sprintf
memcpy
free
malloc
memset
atoi
strncpy
_except_handler4_common
printf
strstr
_crt_debugger_hook
_wcsicmp
_strnicmp
_stricmp

Sections

.text
Size: 16KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0033809631d990fd93c5ef648db3cff6

Headers

DLL Characteristics

File Characteristics

Imports

psapi

ws2_32

advapi32

kernel32

user32

gdi32

urlmon

msvcr90

Sections

.text Size: 16KB - Virtual size: 20KB

.rdata Size: 8KB - Virtual size: 12KB

.data Size: 3KB - Virtual size: 16KB

.rsrc Size: 1024B - Virtual size: 688B

.text
Size: 16KB - Virtual size: 20KB

.rdata
Size: 8KB - Virtual size: 12KB

.data
Size: 3KB - Virtual size: 16KB

.rsrc
Size: 1024B - Virtual size: 688B