3e4b6ee96b4b5c11b645e32571e47e5d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3e4b6ee96b4b5c11b645e32571e47e5d_JaffaCakes118
Size

116KB
MD5

3e4b6ee96b4b5c11b645e32571e47e5d
SHA1

bff567100a818e12f6145dd43c18940bf7745891
SHA256

1712567b551cd9265f95fa0dcbaafb8b906e7e989f12950f7e7e473faf0afbc3
SHA512

24cf795cffb82d070a148459c723948a80ae07f400eb41f68987dbb070f438c0af96da2fecb459ca6ffc10a28fb1020e5e47300be02aa98ccfab33df7f070a7a
SSDEEP

3072:WtVLRS3TfM9fBk1iuyKPV9gkxLVU1n0WozJqylD8:WtVqTUCRFPV+kxLVin0WPE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3e4b6ee96b4b5c11b645e32571e47e5d_JaffaCakes118

Files

3e4b6ee96b4b5c11b645e32571e47e5d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

6381999bba3775332602fa379df69fea

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Projects\Source\Client\BundleInstall\Release\BundleInstall.pdb

Imports

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

wininet

InternetGetConnectedState
HttpQueryInfoA
InternetReadFile
HttpSendRequestA
HttpOpenRequestA
InternetConnectA
InternetOpenA
InternetCloseHandle

wsock32

gethostbyname
htons
ioctlsocket
connect
send
WSAGetLastError
shutdown
closesocket
setsockopt
WSASetLastError
recv
WSAStartup
socket

kernel32

SetFilePointer
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
VirtualQuery
InterlockedExchange
GetCPInfo
GetOEMCP
GetACP
IsBadCodePtr
IsBadReadPtr
IsBadWritePtr
VirtualAlloc
GetTickCount
DeleteFileA
CloseHandle
WriteFile
CreateFileA
GetLastError
GetTempFileNameA
GetTempPathA
InitializeCriticalSection
DeleteCriticalSection
CreateDirectoryA
GetModuleFileNameA
GetSystemDirectoryA
SetEndOfFile
RemoveDirectoryA
GetWindowsDirectoryA
CopyFileA
WritePrivateProfileStringA
FreeLibrary
GetProcAddress
LoadLibraryA
WaitForSingleObject
CreateProcessA
GetStartupInfoA
MoveFileExA
SetFileAttributesA
GetFileAttributesA
lstrcmpiA
GetVersionExA
GetTimeZoneInformation
GetModuleHandleA
FindClose
FindNextFileA
FindFirstFileA
HeapFree
HeapAlloc
GetCurrentProcess
EnterCriticalSection
LeaveCriticalSection
GetLocalTime
OutputDebugStringA
ReadFile
VirtualProtect
GetSystemInfo
PeekNamedPipe
CompareStringA
CompareStringW
SetEnvironmentVariableA
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileInformationByHandle
Sleep
RtlUnwind
ExitProcess
RaiseException
FlushFileBuffers
SetFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
GetCurrentThreadId
GetCommandLineA
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
SetStdHandle
GetFileType
SetHandleCount
GetStdHandle
HeapReAlloc
TerminateProcess
HeapSize
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree

advapi32

RegCreateKeyA
RegOpenKeyExA
RegSetValueExA
RegOpenKeyA
RegQueryValueExA
RegCloseKey

Sections

.text
Size: 80KB - Virtual size: 77KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 792B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6381999bba3775332602fa379df69fea

Headers

File Characteristics

PDB Paths

Imports

version

wininet

wsock32

kernel32

advapi32

Sections

.text Size: 80KB - Virtual size: 77KB

.rdata Size: 16KB - Virtual size: 15KB

.data Size: 12KB - Virtual size: 15KB

.rsrc Size: 4KB - Virtual size: 792B

.text
Size: 80KB - Virtual size: 77KB

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 12KB - Virtual size: 15KB

.rsrc
Size: 4KB - Virtual size: 792B