5f15315c643e25caa1011106d1295e3c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5f15315c643e25caa1011106d1295e3c_JaffaCakes118
Size

158KB
MD5

5f15315c643e25caa1011106d1295e3c
SHA1

beeb43cb7a694aa59f400ef2b3e1819f811161c3
SHA256

57e2ed2eb33d70b02fab22420dc568f304735899ea502a28a6038832f53ad2b0
SHA512

e7304b9ea44c9f9711fd4bcad6054da3a0bb0745249b48adaac6ae6500fe7dc75b2a580f31f8f77c4e72c4156e6ad5f3e9f5d4b9999af577b5c98d5f4e06a918
SSDEEP

3072:zAW8ZNRz8Xp6V5gdT4Dw+DvLgNyhklpy9yLlM6pMpZDNQ/Ur:cZNF8Xp3ygM9y+6Iv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5f15315c643e25caa1011106d1295e3c_JaffaCakes118

Files

5f15315c643e25caa1011106d1295e3c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7d627d6dce2584a51f368a49e3e9c1bc

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindResourceA
CreateDirectoryA
GetTempPathA
DeleteFileA
MoveFileExA
CopyFileA
GetProcAddress
GetModuleHandleA
CreateToolhelp32Snapshot
GetCurrentProcess
WaitForSingleObject
ResumeThread
Module32Next
GetLastError
DeviceIoControl
lstrcpyA
FreeLibrary
LoadLibraryExA
GetModuleFileNameA
SetFileTime
GetFileTime
GetSystemDirectoryA
CreateThread
lstrlenA
lstrcmpiA
TerminateThread
SizeofResource
LoadResource
LockResource
WriteFile
SetFileAttributesA
MoveFileA
Sleep
CreateFileA
CloseHandle
Module32First
GetFileAttributesA
GetSystemInfo
VirtualProtect
SetEndOfFile
LCMapStringW
LCMapStringA
GetLocaleInfoA
GetStringTypeW
MultiByteToWideChar
GetStringTypeA
SetFilePointer
InitializeCriticalSection
ExitProcess
RtlUnwind
EnterCriticalSection
LeaveCriticalSection
TerminateProcess
SetConsoleCtrlHandler
GetCommandLineA
GetVersionExA
HeapAlloc
RaiseException
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
HeapFree
FlushFileBuffers
DeleteCriticalSection
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
IsBadWritePtr
HeapSize
SetUnhandledExceptionFilter
LoadLibraryA
InterlockedExchange
VirtualQuery
IsBadReadPtr
IsBadCodePtr
GetACP
GetOEMCP
GetCPInfo
SetStdHandle
ReadFile

advapi32

OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
CreateServiceA
OpenSCManagerA
OpenServiceA
ControlService
StartServiceA
CloseServiceHandle
DeleteService

ws2_32

inet_addr
accept
WSAStartup
getpeername
inet_ntoa
ntohs
select
__WSAFDIsSet
recv
send
gethostbyname
connect
htons
htonl
setsockopt
bind
listen
socket
WSACleanup
closesocket

Sections

.text
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7d627d6dce2584a51f368a49e3e9c1bc

Headers

File Characteristics

Imports

kernel32

advapi32

ws2_32

Sections

.text Size: 49KB - Virtual size: 49KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 3KB - Virtual size: 62KB

.rsrc Size: 92KB - Virtual size: 91KB

.text
Size: 49KB - Virtual size: 49KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 3KB - Virtual size: 62KB

.rsrc
Size: 92KB - Virtual size: 91KB