Static task: static1
Behavioral task: behavioral1
Sample: 3c601a5064168bd59e3510ab00c4d2cc_JaffaCakes118.exe
Resource: win7-20240708-en
Behavioral task: behavioral2
Sample: 3c601a5064168bd59e3510ab00c4d2cc_JaffaCakes118.exe
Resource: win10v2004-20240709-en
General
Target: 3c601a5064168bd59e3510ab00c4d2cc_JaffaCakes118
Size: 124KB
MD5: 3c601a5064168bd59e3510ab00c4d2cc
SHA1: a0f09afb93a16f945d2790d6f0f267c9683ae106
SHA256: 3ea8e8bf15db71816c3a1f17f463b59fc27fb961a7b5373ac4ae02be8b3a99d9
SHA512: a5f73e56704376b6d7e17803f201602acaeb77b3b86260150a3f613b9d1c8559ec00e95f7c28d811fe72e7977ca56046d7e7f75eb5a6557fa0f7bf0707c01f9b
SSDEEP: 3072:VbyqPMNhZJ8Ele+Q5oRFdPev4ygW8lddXl9Ljs+klns:VbyqqhZJ8ElQ5ofdPTCyddL4
Malware Config
Signatures
Unsigned PE (1 IoCs)
Checks for missing Authenticode signature.
Resource: 3c601a5064168bd59e3510ab00c4d2cc_JaffaCakes118
Files
-
3c601a5064168bd59e3510ab00c4d2cc_JaffaCakes118.exe windows:4 windows x86 arch:x86
36dfe994126a4ae16993275e0ee9a2a4
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ws2_32
select
__WSAFDIsSet
accept
recv
ioctlsocket
connect
WSAStartup
send
bind
listen
getsockname
htonl
ntohl
shutdown
gethostname
gethostbyname
gethostbyaddr
WSASocketA
setsockopt
WSAGetLastError
socket
htons
sendto
closesocket
inet_ntoa
inet_addr
kernel32
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
LCMapStringW
LCMapStringA
FlushFileBuffers
GetStringTypeW
GetTickCount
Sleep
LeaveCriticalSection
EnterCriticalSection
IsBadReadPtr
GetComputerNameA
GetTempPathA
GetLastError
GetProcAddress
LoadLibraryA
FreeLibrary
Process32Next
CloseHandle
TerminateProcess
OpenProcess
Process32First
CreateToolhelp32Snapshot
GetVersionExA
GetSystemInfo
GlobalMemoryStatus
GetCurrentDirectoryA
GetExitCodeProcess
ExitProcess
ReleaseMutex
CreateProcessA
GetSystemDirectoryA
ExitThread
DeleteFileA
CreateDirectoryA
GetFileType
FindClose
FileTimeToSystemTime
FindNextFileA
FindFirstFileA
CopyFileA
RemoveDirectoryA
SetCurrentDirectoryA
ReadFile
CreateFileA
GetFileSize
GetFullPathNameA
SetFilePointer
QueryPerformanceFrequency
WriteFile
WaitForSingleObject
PeekNamedPipe
DuplicateHandle
GetCurrentProcess
CreatePipe
CreateMutexA
GetModuleFileNameA
SetUnhandledExceptionFilter
SetConsoleCtrlHandler
InitializeCriticalSection
GetCurrentThreadId
GetCommandLineA
GetEnvironmentVariableA
RtlUnwind
UnhandledExceptionFilter
TlsGetValue
SetLastError
TlsAlloc
GetSystemTimeAsFileTime
GetVersion
GetStartupInfoA
GetModuleHandleA
InterlockedIncrement
SetStdHandle
GetCPInfo
GetACP
GetOEMCP
SetEndOfFile
CompareStringA
CompareStringW
SetEnvironmentVariableA
FileTimeToLocalFileTime
MoveFileA
GetDriveTypeA
InterlockedDecrement
HeapReAlloc
GetStringTypeA
MultiByteToWideChar
WideCharToMultiByte
DeleteCriticalSection
VirtualAlloc
VirtualFree
HeapCreate
ResumeThread
CreateThread
TlsSetValue
HeapAlloc
HeapFree
GetTimeZoneInformation
GetSystemTime
GetLocalTime
HeapDestroy
user32
PeekMessageA
GetMessageA
DispatchMessageA
ExitWindowsEx
IsWindow
ShowWindow
DestroyWindow
UnregisterClassA
RegisterClassExA
CreateWindowExA
DefWindowProcA
SendMessageA
advapi32
CryptGenRandom
CryptReleaseContext
OpenSCManagerA
CreateServiceA
CloseServiceHandle
RegCreateKeyExA
RegSetValueExA
RegCloseKey
LookupPrivilegeValueA
OpenProcessToken
AdjustTokenPrivileges
RegisterServiceCtrlHandlerA
SetServiceStatus
StartServiceCtrlDispatcherA
GetUserNameA
CryptAcquireContextA
shell32
ShellExecuteA
wininet
InternetOpenA
InternetOpenUrlA
InternetReadFile
InternetCloseHandle
InternetGetConnectedState
version
GetFileVersionInfoA
VerQueryValueA
Sections
PESHiELD - Size: 88KB - Virtual size: 88KB - IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
PESHiELD - Size: 8KB - Virtual size: 8KB - IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
PESHiELD - Size: 24KB - Virtual size: 1.1MB - IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE