4d548fa449910823ef3997de4b95aa21_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4d548fa449910823ef3997de4b95aa21_JaffaCakes118
Size

56KB
MD5

4d548fa449910823ef3997de4b95aa21
SHA1

ec76c22d6dd73fed8dcba8d011849918e78e454e
SHA256

e78557968e2021c79b61d2b104bf3945d1e9bf71eb78d39ef33faf5d49fdc95e
SHA512

08e8f0b3328aab1162f919d39e9cdb47df49e5674b7236e634da93c9bbfd83ed5d768560e7b313569e72a4d8a04c8741adc6c6b0fd7ce41a021e6ffc82427bdd
SSDEEP

768:fvyxnjsdsIwJhBe/eG7Ra7PAebKZkT9HzmM4yGv4zc:H8njsVwTB0dAPLIkTdf4n4Q

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4d548fa449910823ef3997de4b95aa21_JaffaCakes118

Files

4d548fa449910823ef3997de4b95aa21_JaffaCakes118
.exe windows:4 windows x86 arch:x86

116995c07483df2b51a7245a62fd7d00

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SizeofResource
LockResource
LoadResource
FindResourceA
DeleteFileA
GetModuleFileNameA
GetWindowsDirectoryA
GetSystemDirectoryA
MoveFileExA
CopyFileA
SetFileAttributesA
InitializeCriticalSection
GetModuleHandleA
GetCommandLineA
GetCurrentProcess
GetLastError
CreateMutexA
LeaveCriticalSection
EnterCriticalSection
FreeLibrary
GetProcAddress
LoadLibraryA
TerminateProcess
OpenProcess
Process32Next
Process32First
CreateToolhelp32Snapshot
ExitThread
WriteProcessMemory
GlobalFree
Sleep
GetComputerNameA
GetVersionExA
GlobalMemoryStatus
CloseHandle
lstrlenA

user32

TranslateMessage
GetMessageA
UpdateWindow
DispatchMessageA
CreateWindowExA
RegisterClassA
PostQuitMessage
DefWindowProcA
ShowWindow
wsprintfA

advapi32

RegDeleteValueA
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegCloseKey
RegDeleteKeyA

mfc42

ord1575
ord6779
ord1105
ord2818
ord939
ord5207
ord389
ord823
ord825
ord6663
ord561
ord815
ord540
ord800
ord537
ord6877
ord665
ord1979
ord6385
ord5186
ord354
ord941
ord2614
ord535

msvcrt

__set_app_type
_itoa
__CxxFrameHandler
atoi
free
malloc
exit
_mbscmp
__dllonexit
_onexit
_exit
_XcptFilter
__p___initenv
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
_stricmp
_except_handler3
_controlfp

msvcp60

??1Init@ios_base@std@@QAE@XZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??1_Winit@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
??0Init@ios_base@std@@QAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z

ws2_32

closesocket
connect
WSAAsyncSelect
send
htons
WSAStartup
WSACleanup
recv
socket
inet_addr
gethostbyname
WSAGetLastError

netapi32

Netbios

Sections

.text
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

116995c07483df2b51a7245a62fd7d00

Headers

File Characteristics

Imports

kernel32

user32

advapi32

mfc42

msvcrt

msvcp60

ws2_32

netapi32

Sections

.text Size: 12KB - Virtual size: 8KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 4KB - Virtual size: 1KB

.rsrc Size: 32KB - Virtual size: 28KB

.text
Size: 12KB - Virtual size: 8KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 32KB - Virtual size: 28KB