Static task
static1
Behavioral task
behavioral1
Sample
6477623796ab0cdc3084b8b462526277_JaffaCakes118.exe
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
6477623796ab0cdc3084b8b462526277_JaffaCakes118.exe
Resource
win10v2004-20240709-en
General
-
Target
6477623796ab0cdc3084b8b462526277_JaffaCakes118
-
Size
69KB
-
MD5
6477623796ab0cdc3084b8b462526277
-
SHA1
51a0b03925e62be90cb8a6510be440fb044651d2
-
SHA256
394dc13955ad0e6ae3a1f275467fbde268dd0402b6d9ff13022171a7b432e7e5
-
SHA512
93454d53df13564b20d4c464e78d7c2e46a0199fb5e15e9d1a47f3225f2dae7f955788f5a261d8c261bb5bdea399792b66f582112afbec258392e03c37cc1a3d
-
SSDEEP
1536:1UnPda6Dwed8exy7iKltAJnWjw709phPfzriE/:te6ikYWM09vPvi
Malware Config
Signatures
-
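Unsigned PE (1 IoC)
Checks for a missing Authenticode signature. The check matched this sample; on its own an unsigned PE is a weak indicator, because many legitimate programs are also unsigned.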
resource 6477623796ab0cdc3084b8b462526277_JaffaCakes118
Files
-
6477623796ab0cdc3084b8b462526277_JaffaCakes118.exe windows:4 windows x86 arch:x86
55bbcceaf25ffa12698dde77490f0f94
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
CreateFileA
VirtualProtect
VirtualAlloc
GetProcAddress
LoadLibraryA
GetModuleHandleA
GetModuleFileNameA
GetSystemDirectoryA
GetLastError
GetFileSize
Sleep
GetTickCount
GetWindowsDirectoryA
GetPrivateProfileStringA
CreateThread
CreateMutexA
WritePrivateProfileStringA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
ReadFile
CloseHandle
VirtualFree
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetStartupInfoA
user32
GetMessageA
CreateWindowExA
wsprintfA
FindWindowA
PostQuitMessage
DispatchMessageA
TranslateMessage
SetWindowLongA
msvcrt
__p__fmode
_controlfp
memcpy
memset
free
malloc
memmove
_strupr
strcat
strlen
strcpy
__set_app_type
_except_handler3
_stricmp
strstr
sprintf
atoi
strchr
strncpy
memcmp
__dllonexit
_onexit
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
wsock32
send
inet_ntoa
connect
socket
closesocket
gethostbyname
getpeername
shutdown
select
htons
inet_addr
__WSAFDIsSet
recv
WSAGetLastError
ntohs
Sections
.text Size: 19KB - Virtual size: 19KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 32KB - Virtual size: 50KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
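.vmp0 Size: 12KB - Virtual size: 11KB (non-standard executable section; this name is commonly associated with VMProtect-protected binaries, so if the sample is packed the import list above may not reflect everything it resolves at run time)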
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ