4779bf3e22c9650cce37a0384b5cb391_JaffaCakes118

General

Target

4779bf3e22c9650cce37a0384b5cb391_JaffaCakes118
Size

50KB
MD5

4779bf3e22c9650cce37a0384b5cb391
SHA1

f9a38954d971e963c47bf168be1a0b168456c08f
SHA256

c5b14848de94c04f1b762b1fb88537d3b991d01eaf339513a690bb680ff9d7b3
SHA512

0248e469c471f92a204a01b06890968bcbf30c5a7d0bc0509c5ae9f59a7f291724682b8ee31b235222375dd8bd91b4e74c4f56ca701ddfa7b89a3e3d19a1476c
SSDEEP

768:IO7nvyrT1gfgMHPCbFfrPyLlJgWWvxXgmW9ObCqQLP3TBLUNJcbi:IOm6YOCJmQ5W9ObCqiP310cm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4779bf3e22c9650cce37a0384b5cb391_JaffaCakes118

Files

4779bf3e22c9650cce37a0384b5cb391_JaffaCakes118
.exe windows:4 windows x86 arch:x86

9b74a9e19de316c051a8cfd75e5449b0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

gethostname
WSAStartup
shutdown
WSASocketW
WSAEnumProtocolsW
ioctlsocket
__WSAFDIsSet
getsockopt
WSAGetLastError
gethostbyaddr
inet_ntoa
connect
send
inet_addr
gethostbyname
socket
select
recv
closesocket
ntohs
htons
sendto

kernel32

CloseHandle
GetFileSize
CreateFileA
MapViewOfFile
CreateFileMappingA
UnmapViewOfFile
lstrcatA
lstrlenA
OutputDebugStringA
HeapFree
SystemTimeToFileTime
GetLocalTime
GetTickCount
Sleep
lstrcpynA
GetProcAddress
LoadLibraryA
GetModuleHandleA
SetEvent
OpenEventA
WriteFile
GetSystemDirectoryA
CreateProcessA
lstrcmpA
LeaveCriticalSection
EnterCriticalSection
lstrcmpiA
TerminateThread
SetThreadPriority
CreateThread
WaitForSingleObject
InitializeCriticalSection
QueueUserWorkItem
HeapReAlloc
GetSystemTimeAsFileTime
GetTimeZoneInformation
FileTimeToLocalFileTime
FileTimeToSystemTime
GetVolumeInformationA
GetComputerNameA
GetProcessHeap
HeapAlloc
lstrcpyA

user32

DrawTextA
wsprintfA
wvsprintfA

gdi32

CreateDCA
CreateCompatibleDC
CreateDIBSection
SetTextColor
SetBkColor
CreateFontA
CreatePen
DeleteObject
MoveToEx
LineTo
SetPixel
SelectObject
StretchBlt
DeleteDC

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
OpenSCManagerA
OpenServiceA
CloseServiceHandle
ControlService
DeleteService

Sections

.text
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9b74a9e19de316c051a8cfd75e5449b0

Headers

File Characteristics

Imports

ws2_32

kernel32

user32

gdi32

advapi32

Sections

.text Size: 37KB - Virtual size: 37KB

.data Size: 9KB - Virtual size: 9KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 37KB - Virtual size: 37KB

.data
Size: 9KB - Virtual size: 9KB

.reloc
Size: 2KB - Virtual size: 2KB