6024e3ee3fb2e5ec6424fef01d6abc1c_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

6024e3ee3fb2e5ec6424fef01d6abc1c_JaffaCakes118
Size

50KB
MD5

6024e3ee3fb2e5ec6424fef01d6abc1c
SHA1

4d7f722751b5216854028299f3e59f25e4c1267b
SHA256

4121cf2e9dda59a3e42616e97db5a1d6db0cb00b168014e3c1ad5e41eb73388a
SHA512

d87066dedd8ace9e9703449bde568816b40ad8df2af9eb5dac05c10f75422c9891a7efbcdaf2c57d6bb0067ac63464f8af99762005b9e9c772f186ddf9fd6cf0
SSDEEP

1536:CiGW5w0eCDpp5L7S6iojsfyGyymwGXqiccUYaTENoZHhYw3:CiGW5Q45Lu6igsfydymwGuifNCl3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6024e3ee3fb2e5ec6424fef01d6abc1c_JaffaCakes118

Files

6024e3ee3fb2e5ec6424fef01d6abc1c_JaffaCakes118
.exe windows:1 windows x86 arch:x86

5d04d704cfff619487e5868733f2ca00

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

WSAAsyncSelect
WSAGetLastError
WSAStartup
__WSAFDIsSet
accept
bind
closesocket
connect
gethostbyname
htonl
htons
inet_addr
inet_ntoa
ioctlsocket
listen
recv
select
send
socket

kernel32

EnterCriticalSection
ExitThread
FindFirstFileA
FindNextFileA
FreeLibrary
GetCommandLineA
GetComputerNameA
GetCurrentProcessId
GetDiskFreeSpaceExA
GetDriveTypeA
GetFileSize
GetFileTime
GetLocaleInfoA
GetModuleFileNameA
GetModuleHandleA
CloseHandle
GetProcAddress
GetSystemDirectoryA
GetTickCount
GetVersion
GetVersionExA
GetVolumeInformationA
GetWindowsDirectoryA
GlobalAddAtomA
GlobalDeleteAtom
GlobalFindAtomA
GlobalMemoryStatus
InitializeCriticalSection
IsBadReadPtr
IsBadWritePtr
LeaveCriticalSection
LoadLibraryA
LocalAlloc
LocalFree
OpenProcess
CreateFileA
ReadFile
RtlUnwind
RtlZeroMemory
SetFilePointer
SetFileTime
SetUnhandledExceptionFilter
TerminateProcess
TerminateThread
VirtualQuery
WinExec
WriteFile
WriteProcessMemory
CreateThread
DeleteFileA

user32

SetWindowTextA
GetWindowTextA
FindWindowA
SetTimer
KillTimer
RegisterClassA
GetMessageA
TranslateMessage
DispatchMessageA
SendMessageA
CharUpperBuffA
CreateWindowExA
DefWindowProcA

advapi32

GetUserNameA
CloseServiceHandle
CreateServiceA
DeleteService
OpenSCManagerA
OpenServiceA
RegisterServiceCtrlHandlerA
SetServiceStatus
StartServiceA
StartServiceCtrlDispatcherA
RegCreateKeyExA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
GetSecurityInfo
SetSecurityInfo
SetEntriesInAclA

crtdll

_itoa
__GetMainArgs
_sleep
atoi
exit
memcpy
memset
raise
rand
signal
sprintf
srand
strcat
strchr

Sections

.text
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 701KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

5d04d704cfff619487e5868733f2ca00

Headers

File Characteristics

Imports

wsock32

kernel32

user32

advapi32

crtdll

Sections

.text Size: 36KB - Virtual size: 36KB

.bss Size: - Virtual size: 701KB

.data Size: 7KB - Virtual size: 7KB

.idata Size: 3KB - Virtual size: 3KB

.text
Size: 36KB - Virtual size: 36KB

.bss
Size: - Virtual size: 701KB

.data
Size: 7KB - Virtual size: 7KB

.idata
Size: 3KB - Virtual size: 3KB