5f3e67c71ebf107fb7a30bce0633525b_JaffaCakes118

General

Target

5f3e67c71ebf107fb7a30bce0633525b_JaffaCakes118
Size

55KB
MD5

5f3e67c71ebf107fb7a30bce0633525b
SHA1

825c1b46e42f7bd425ec3ed180f5c1022142af01
SHA256

8cfe22f1d949aea76fe0c2a7e028b714c2bf8c2cbc7e56c498b62e45ca54986b
SHA512

a76bc92eb4cad0dbc0bb0d38bce16ee440f98f6bad9be3e51e9bf0865af2524006c3cba674d2669908293d29585da0b5991d161d76f187dcc539caa2c3568fa5
SSDEEP

768:y1JqF6+akLmJ3/ZqWYfgluyTtugVJ5vdK8X1vmZ1LrIpo9rIDj:yHqF6kU3OoluyTtugNvdKs1o1XCoNIP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5f3e67c71ebf107fb7a30bce0633525b_JaffaCakes118

Files

5f3e67c71ebf107fb7a30bce0633525b_JaffaCakes118
.dll windows:4 windows x86 arch:x86

515d45eb519a58cf8a08b47c770e125b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WaitForSingleObject
CreateThread
CreateSemaphoreA
DeleteFileA
lstrlenA
CloseHandle
ReleaseMutex
GetLastError
CreateMutexA
ReleaseSemaphore
GetVersionExA
GetTickCount
SetUnhandledExceptionFilter
Sleep
RtlUnwind
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
MultiByteToWideChar
SetEndOfFile
LoadLibraryA
GetProcAddress
HeapAlloc
HeapFree
GetCommandLineA
GetVersion
HeapDestroy
HeapCreate
VirtualFree
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
VirtualAlloc
HeapReAlloc
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
ReadFile
WriteFile
TerminateProcess
GetCurrentProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetFilePointer
InterlockedDecrement
InterlockedIncrement
SetStdHandle
FlushFileBuffers
CreateFileA
GetCPInfo
GetACP
GetOEMCP

advapi32

RegOpenKeyExA
RegSetValueExA
RegCloseKey
RegQueryValueExA

ws2_32

WSAStartup
send
recv
socket
connect
WSASocketA
setsockopt
ntohl
htons
htonl
sendto
closesocket
gethostname
inet_addr
gethostbyname
inet_ntoa

Sections

.text
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

515d45eb519a58cf8a08b47c770e125b

Headers

File Characteristics

Imports

kernel32

advapi32

ws2_32

Sections

.text Size: 28KB - Virtual size: 25KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 8KB - Virtual size: 9KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 28KB - Virtual size: 25KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 8KB - Virtual size: 9KB

.reloc
Size: 4KB - Virtual size: 3KB