6377bffefbe50dc4bed9632b70fa9412_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

6377bffefbe50dc4bed9632b70fa9412_JaffaCakes118
Size

568KB
MD5

6377bffefbe50dc4bed9632b70fa9412
SHA1

5fd8a1df5f5bd383ca5be94f3bf9efe5832f3441
SHA256

8e2b0639bd292c740bfaba2b326a46f952d4c62928ecfb6801cc469e0b2202c6
SHA512

0c13af3803094a2a44136e3fc119cbd1079c4b9cf9fc7fe07d703d3964d5f0ce2dd2ca38e57672ad1f24d36525fa4f49ee3c2da74386ec4dcc77a88863fdb177
SSDEEP

12288:tqyaOIOhGRg/H0FxoxIT+Je9+hVfZycjvnrp:FaOwgxs+Je9MZZyc7nrp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6377bffefbe50dc4bed9632b70fa9412_JaffaCakes118

Files

6377bffefbe50dc4bed9632b70fa9412_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f1a671efd5ffdb2ac9ecf9e1615c1572

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedIncrement
CloseHandle
WaitForMultipleObjects
InterlockedDecrement
GetCurrentThreadId
Sleep
InitializeCriticalSection
DeleteCriticalSection
FindResourceA
SizeofResource
LockResource
LoadResource
FindResourceExA
LeaveCriticalSection
EnterCriticalSection
HeapAlloc
GetProcessHeap
HeapReAlloc
HeapFree
GetLastError
GetStdHandle
GetTickCount
QueryPerformanceCounter
GetCurrentProcessId
GlobalMemoryStatus
FreeLibrary
GetProcAddress
LoadLibraryA
GetVersionExA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetEnvironmentVariableA
SetEndOfFile
WideCharToMultiByte
CompareStringA
CompareStringW
MultiByteToWideChar
InterlockedExchange
GetVersion
GetFileType
GetStringTypeW
GetStringTypeA
GetModuleFileNameW
SetFilePointer
FlushFileBuffers
ReadFile
GetConsoleMode
GetConsoleCP
LCMapStringW
LCMapStringA
GetEnvironmentStringsW
FreeEnvironmentStringsW
DeleteFileA
GetEnvironmentStrings
FreeEnvironmentStringsA
GetTimeZoneInformation
SetHandleCount
SetStdHandle
GetACP
GetLocaleInfoA
GetThreadLocale
HeapDestroy
HeapSize
RaiseException
RtlUnwind
VirtualAlloc
GetModuleHandleA
VirtualQuery
ExitThread
CreateThread
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileInformationByHandle
PeekNamedPipe
MoveFileA
CreateDirectoryA
GetCommandLineA
GetStartupInfoA
DebugBreak
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
ExitProcess
VirtualFree
HeapCreate
WriteFile
GetModuleFileNameA
GetCPInfo
GetOEMCP
IsValidCodePage
CreateFileA

user32

UnregisterClassA
GetUserObjectInformationW
GetProcessWindowStation
GetDesktopWindow
MessageBoxA

advapi32

ReportEventA
DeregisterEventSource
RegisterEventSourceA

ws2_32

WSAGetLastError
shutdown
socket
WSAIoctl
ntohl
connect
inet_ntoa
closesocket
select
recv
send
htons
gethostbyname
inet_addr
WSACleanup
gethostname
getsockopt
setsockopt
getsockname
htonl
WSAStartup

Sections

.text
Size: 408KB - Virtual size: 404KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 104KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f1a671efd5ffdb2ac9ecf9e1615c1572

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ws2_32

Sections

.text Size: 408KB - Virtual size: 404KB

.rdata Size: 104KB - Virtual size: 100KB

.data Size: 48KB - Virtual size: 53KB

.rsrc Size: 4KB - Virtual size: 176B

.text
Size: 408KB - Virtual size: 404KB

.rdata
Size: 104KB - Virtual size: 100KB

.data
Size: 48KB - Virtual size: 53KB

.rsrc
Size: 4KB - Virtual size: 176B