5f3c52719bad3af31cf2d10d7375db35_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5f3c52719bad3af31cf2d10d7375db35_JaffaCakes118
Size

1.2MB
MD5

5f3c52719bad3af31cf2d10d7375db35
SHA1

e2f6a9d784a8ff0f222c6026bab24e21a199f157
SHA256

402727a95df0af848bf9ca8f56522680ba376169e6dd6be6270eebbeceb45973
SHA512

75d7b07efa88147298a02992591e454399df04cf162c28898db94fd9402a8fa093f6080c83e2ab64a8b6a08eab8bb3f3f55d47a27f5ec362d040a7a40a473cd6
SSDEEP

3072:b5AKhigSwwkblD+HkcQivPosVofOfxXHyfJ1jN91O:bamiVgB2kc+WftH0o

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5f3c52719bad3af31cf2d10d7375db35_JaffaCakes118

Files

5f3c52719bad3af31cf2d10d7375db35_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7d26d1bb906fe0a5347bc9cb6f34614d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

WSAStartup
sendto
closesocket
recv
send
listen
accept
socket
inet_ntoa
connect
WSAGetLastError
htons
bind
select
__WSAFDIsSet
ioctlsocket
gethostbyname

kernel32

CompareStringA
FlushFileBuffers
LCMapStringW
LCMapStringA
SetStdHandle
LoadLibraryA
GetProcAddress
GetOEMCP
GetACP
GetCPInfo
CompareStringW
GetStringTypeA
MultiByteToWideChar
SetFilePointer
GetLastError
WriteFile
Sleep
WinExec
GetModuleFileNameA
CreateThread
GetCurrentProcessId
SetEnvironmentVariableA
GetStringTypeW
GetModuleHandleA
HeapAlloc
ExitProcess
TerminateProcess
GetCurrentProcess
GetTimeZoneInformation
GetSystemTime
GetLocalTime
HeapFree
RtlUnwind
CloseHandle
GetStartupInfoA
GetCommandLineA
GetVersion
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType

advapi32

RegSetValueExA
RegOpenKeyExA

Sections

.text
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

npq4xodf
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

71.p3fur
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

1.w17a51
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

7d26d1bb906fe0a5347bc9cb6f34614d

Headers

File Characteristics

Imports

wsock32

kernel32

advapi32

Sections

.text Size: 28KB - Virtual size: 28KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1.1MB - Virtual size: 1.1MB

npq4xodf Size: 24KB - Virtual size: 24KB

71.p3fur Size: 52KB - Virtual size: 52KB

1.w17a51 Size: 4KB - Virtual size: 4KB

.text
Size: 28KB - Virtual size: 28KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1.1MB - Virtual size: 1.1MB

npq4xodf
Size: 24KB - Virtual size: 24KB

71.p3fur
Size: 52KB - Virtual size: 52KB

1.w17a51
Size: 4KB - Virtual size: 4KB