4bd2f96b04debc690e2e49074a198046_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4bd2f96b04debc690e2e49074a198046_JaffaCakes118
Size

249KB
MD5

4bd2f96b04debc690e2e49074a198046
SHA1

8a27ddd7b2172d526bdc90f810744c5ad881a4fe
SHA256

4b3694a127f1cfca888a6f028e339e742a4838d5eba87c010903fe6301a4dddb
SHA512

bc0d425e3cada8f1d3e5fae9ab3c30a5d611add063ba61ddb34dde2a845fc763f6564c2cf7c09b913a4009733ae851b3bb84649892633ed61b6e6961fdc45f69
SSDEEP

6144:uOB7ZB3Cm66SGRga8E3uJGCT/SV52kAhKkODUqInK8G7ApBKdH:uGd9Cm6l4z5+JGK42kAh3qfv7ApBmH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4bd2f96b04debc690e2e49074a198046_JaffaCakes118

Files

4bd2f96b04debc690e2e49074a198046_JaffaCakes118
.exe windows:4 windows x86 arch:x86

6489088aefd8928bc3cb1eb5c2197be1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

ntohs
gethostbyname
WSAStartup
send
WSACancelBlockingCall
bind
recv
WSASetLastError
setsockopt
socket
accept
connect
getservbyname
htons
shutdown
htonl
inet_ntoa
closesocket
getsockopt
ntohl
WSAGetLastError
WSACleanup
listen

kernel32

FlushConsoleInputBuffer
CloseHandle
FreeLibrary
GetStdHandle
GetFileType
GetThreadTimes
GetCurrentThreadId
GlobalMemoryStatus
SetLastError
GetLocalTime
VirtualAlloc

gdi32

DeleteDC
GetDeviceCaps
CreateCompatibleBitmap
GetBitmapBits
GetObjectA
SelectObject
BitBlt
CreateDCA
CreateCompatibleDC
DeleteObject

user32

MessageBoxIndirectA

mscms

CreateColorTransformA
SetColorProfileElement
InstallColorProfileW
UnregisterCMMW
GetColorProfileFromHandle
GenerateCopyFilePaths

dinput8

DllCanUnloadNow
DirectInput8Create
DllGetClassObject
DllUnregisterServer

Sections

.text
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.J
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.TKFjPM
Size: 1KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.s
Size: 1024B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.dMAcRw
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 213KB - Virtual size: 481KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6489088aefd8928bc3cb1eb5c2197be1

Headers

DLL Characteristics

File Characteristics

Imports

wsock32

kernel32

gdi32

user32

mscms

dinput8

Sections

.text Size: 18KB - Virtual size: 17KB

.J Size: 1KB - Virtual size: 4KB

.rdata Size: 1KB - Virtual size: 1KB

.TKFjPM Size: 1KB - Virtual size: 10KB

.s Size: 1024B - Virtual size: 6KB

.dMAcRw Size: 1024B - Virtual size: 1KB

.data Size: 213KB - Virtual size: 481KB

.rsrc Size: 10KB - Virtual size: 10KB

.text
Size: 18KB - Virtual size: 17KB

.J
Size: 1KB - Virtual size: 4KB

.rdata
Size: 1KB - Virtual size: 1KB

.TKFjPM
Size: 1KB - Virtual size: 10KB

.s
Size: 1024B - Virtual size: 6KB

.dMAcRw
Size: 1024B - Virtual size: 1KB

.data
Size: 213KB - Virtual size: 481KB

.rsrc
Size: 10KB - Virtual size: 10KB