5fe4cf5e41541e4ad5c4f00e17c70257_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5fe4cf5e41541e4ad5c4f00e17c70257_JaffaCakes118
Size

96KB
MD5

5fe4cf5e41541e4ad5c4f00e17c70257
SHA1

051582085560d906b22ae6bdb2b237ee8044bcec
SHA256

c13126d59abc3331d368388a34105ec9c1cfe6e2d0c0f6836756e7bf2e594061
SHA512

3c1eece34542fb366acb7149b044eda1fbfe8f47c6505314dfd7a6f4e56a9c65caddac74c2b23b02015534232c7f43525faab03727042848215efcb5a0795a8d
SSDEEP

3072:iPYF0KMm1usAnucyc5LevD2Iun6vh+LrdSxZHb:Dhcyc5LevaIW0hiSxlb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5fe4cf5e41541e4ad5c4f00e17c70257_JaffaCakes118

Files

5fe4cf5e41541e4ad5c4f00e17c70257_JaffaCakes118
.exe windows:1 windows x86 arch:x86

5bc8748f583cae12747ffa29fee1ed1c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

WSAStartup
__WSAFDIsSet
closesocket
connect
gethostbyname
getsockname
htons
inet_ntoa
recv
select
send
socket

ole32

CoTaskMemFree
CoInitialize

kernel32

ExitProcess
ExpandEnvironmentStringsA
FindClose
FindFirstFileA
FindNextFileA
FindResourceA
FreeLibrary
GetCommandLineA
GetCurrentProcessId
GetCurrentThreadId
GetExitCodeThread
GetFileAttributesA
GetFileSize
GetLastError
GetModuleFileNameA
GetModuleHandleA
CloseHandle
GetProcAddress
GetProcessHeap
GetSystemDirectoryA
GetSystemTime
GetTempFileNameA
GetTempPathA
GetTickCount
GetTimeZoneInformation
GetVersion
GetVersionExA
CopyFileA
InterlockedDecrement
InterlockedIncrement
IsDebuggerPresent
LoadLibraryA
LoadResource
LocalAlloc
LocalFree
LockResource
MoveFileA
OpenFile
OpenMutexA
CreateEventA
CreateFileA
ReadFile
ReleaseSemaphore
ResetEvent
RtlUnwind
SetEvent
SetFilePointer
CreateMutexA
SizeofResource
SystemTimeToFileTime
VirtualAlloc
VirtualFree
CreateProcessA
WaitForSingleObject
WinExec
WriteFile
CreateSemaphoreA
lstrlenA
lstrlenW
CreateThread
DeleteFileA

user32

SetTimer
KillTimer
RegisterClassA
GetMessageA
TranslateMessage
DispatchMessageA
wsprintfA
CharLowerA
CreateWindowExA
DefWindowProcA

advapi32

CloseServiceHandle
ControlService
OpenSCManagerA
OpenServiceA
RegCreateKeyExA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA

crtdll

__GetMainArgs
_sleep
_strcmpi
_strnicmp
atoi
exit
localtime
memcpy
memset
raise
rand
signal
sprintf
srand
strcat
strchr
strftime
strncat
strncmp
strncpy
time

Sections

.text
Size: 30KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 19KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

5bc8748f583cae12747ffa29fee1ed1c

Headers

File Characteristics

Imports

wsock32

ole32

kernel32

user32

advapi32

crtdll

Sections

.text Size: 30KB - Virtual size: 32KB

.bss Size: - Virtual size: 113KB

.data Size: 19KB - Virtual size: 20KB

.idata Size: 4KB - Virtual size: 4KB

.rsrc Size: 40KB - Virtual size: 44KB

.text
Size: 30KB - Virtual size: 32KB

.bss
Size: - Virtual size: 113KB

.data
Size: 19KB - Virtual size: 20KB

.idata
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 40KB - Virtual size: 44KB