3dad272b65c3f2004727758427628a27_JaffaCakes118

General

Target

3dad272b65c3f2004727758427628a27_JaffaCakes118
Size

437KB
MD5

3dad272b65c3f2004727758427628a27
SHA1

7f552cca6cecc7e327704393eb25865e64979e74
SHA256

a200c853df1a0ba2b71905b5ca6eabbe07dd4521b33e14ea25b81a90487e1f7b
SHA512

96e387be59591fb6df72c99d3b99aae5cfac1205d826aa0e23255e8a278180b269ed29e51f6858e8552ae450546520257a98142c962c7572ea6f095aabe1492e
SSDEEP

12288:PFTYEDJjzs0gwIDakG7lNXouZZafwl2BjDp:80gwIDF6lNYsaYl2BjDp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3dad272b65c3f2004727758427628a27_JaffaCakes118

Files

3dad272b65c3f2004727758427628a27_JaffaCakes118
.exe windows:4 windows x86 arch:x86

126f6bbbceecc12a14c1871a55e4daaa

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ReadFile
WriteFile
CreateProcessA
GetSystemDirectoryA
WaitForSingleObject
CloseHandle
CreatePipe
GetLastError
DeleteFileA
FindClose
GetLogicalDrives
PeekNamedPipe
SetCurrentDirectoryA
FindNextFileA
FileTimeToSystemTime
FileTimeToLocalFileTime
Sleep
CreateFileA
ResumeThread
SuspendThread
TerminateThread
CreateThread
TerminateProcess
FindFirstFileA
GetCurrentDirectoryA
GetDriveTypeA
GetStdHandle
SetLastError
GetModuleHandleA
GetStartupInfoA
OutputDebugStringA
GetCurrentThreadId
GetCurrentProcessId
GlobalMemoryStatus
FreeLibrary
GetProcAddress
LoadLibraryA
QueryPerformanceCounter
FlushConsoleInputBuffer
GetVersionExA
GetTickCount

advapi32

StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerA
SetServiceStatus

msvcrt

__set_app_type
_controlfp
_except_handler3
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
atoi
ftell
fseek
sscanf
_stat
getenv
tolower
fwrite
_setmode
memmove
signal
fputs
gmtime
_ftol
__mb_cur_max
_isctype
_pctype
sprintf
_exit
_strupr
_strnicmp
_stricmp
rand
vsprintf
fflush
fprintf
_iob
_errno
fopen
fclose
fread
bsearch
qsort
_getch
_fileno
fgets
free
realloc
malloc
strerror
strncpy
strchr
abort
time
strncmp
memchr
strcmp

ws2_32

gethostbyname
inet_addr
gethostname
htons
WSACleanup
WSAStartup
WSASetLastError
closesocket
connect
setsockopt
socket
shutdown
recv
send
WSAGetLastError
select
__WSAFDIsSet

Sections

.text
Size: 290KB - Virtual size: 290KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 108KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

126f6bbbceecc12a14c1871a55e4daaa

Headers

File Characteristics

Imports

kernel32

advapi32

msvcrt

ws2_32

Sections

.text Size: 290KB - Virtual size: 290KB

.rdata Size: 38KB - Virtual size: 37KB

.data Size: 108KB - Virtual size: 115KB

.text
Size: 290KB - Virtual size: 290KB

.rdata
Size: 38KB - Virtual size: 37KB

.data
Size: 108KB - Virtual size: 115KB