5a2423cd997f2d9e1df1b99c5160d9b2_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

5a2423cd997f2d9e1df1b99c5160d9b2_JaffaCakes118
Size

136KB
MD5

5a2423cd997f2d9e1df1b99c5160d9b2
SHA1

3450c77c8e81bf1d87e2fc302f5b69abc5dcb2f6
SHA256

eb868b52b10b97108d4cfeb0cdb0c8d00461fb140e0a606419c58c0e249f694c
SHA512

ff562eb0a5506a6bb4b533e241c0430ee8f229cbfd12b222e0dde5447e100170d86e1a9faaf10493b0ee6ba9cb246173060e5059126a3fb380365c88e87ab3e2
SSDEEP

3072:Jz+kVyEtF8RZTrlmfMRDytJXhrimbk92cv:d+kV3bWZT2oq+KkZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5a2423cd997f2d9e1df1b99c5160d9b2_JaffaCakes118

Files

5a2423cd997f2d9e1df1b99c5160d9b2_JaffaCakes118
.exe windows:4 windows x86 arch:x86

66cda3a74985fc2180a0a324021677da

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

gethostbyname
socket
shutdown
setsockopt
recv
send
inet_ntoa
WSAStartup
WSACleanup
inet_addr
closesocket
htons
connect
WSAEventSelect
WSAGetLastError
WSAEnumNetworkEvents
ioctlsocket

kernel32

GetStringTypeW
GetStringTypeA
SetFilePointer
WriteFile
RtlUnwind
GetFileType
SetStdHandle
GetStdHandle
DeleteCriticalSection
CreateThread
InitializeCriticalSection
Sleep
SetEvent
MultiByteToWideChar
WideCharToMultiByte
CreateFileA
CreateEventA
LoadLibraryA
CloseHandle
FlushFileBuffers
GetLastError
WaitForMultipleObjects
ResetEvent
WaitForSingleObject
LeaveCriticalSection
EnterCriticalSection
CreateProcessA
GetStartupInfoA
GetProfileStringW
GetVersionExA
GetUserDefaultLCID
GetCommandLineA
GetCPInfo
GetACP
GetOEMCP
SetEndOfFile
UnhandledExceptionFilter
ReadFile
LCMapStringA
LCMapStringW
GetProcAddress
FreeLibrary
GetModuleHandleA
HeapReAlloc
HeapFree
GetCurrentProcess
TerminateProcess
SetHandleCount
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
ExitProcess
GetVersion
FreeEnvironmentStringsA
HeapAlloc
GetEnvironmentStringsW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStrings

user32

DispatchMessageA
ShowWindow
MessageBoxA
DefWindowProcA
GetMessageA
LoadIconA
TranslateMessage
wsprintfA
LoadCursorA
RegisterClassA
CreateWindowExA

gdi32

GetStockObject

winspool.drv

FindClosePrinterChangeNotification
FindNextPrinterChangeNotification
OpenPrinterW
FindFirstPrinterChangeNotification
ClosePrinter
OpenPrinterA
EnumPrintersW
EnumPrintersA
GetPrinterA

advapi32

InitializeSecurityDescriptor
RegCloseKey
RegSetValueExA
RegCreateKeyExA
RegQueryValueExA
RegOpenKeyExA
SetSecurityDescriptorDacl

ole32

CoTaskMemFree
CoUninitialize
CoCreateInstance
CoInitializeEx

Sections

.text
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.trdata
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

66cda3a74985fc2180a0a324021677da

Headers

File Characteristics

Imports

ws2_32

kernel32

user32

gdi32

winspool.drv

advapi32

ole32

Sections

.text Size: 40KB - Virtual size: 38KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 8KB - Virtual size: 10KB

.rsrc Size: 4KB - Virtual size: 2KB

.trdata Size: 76KB - Virtual size: 76KB

.text
Size: 40KB - Virtual size: 38KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 8KB - Virtual size: 10KB

.rsrc
Size: 4KB - Virtual size: 2KB

.trdata
Size: 76KB - Virtual size: 76KB