65c8b0ffb9c2b05b180ace721fba2852_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

65c8b0ffb9c2b05b180ace721fba2852_JaffaCakes118
Size

32KB
MD5

65c8b0ffb9c2b05b180ace721fba2852
SHA1

bc725887ef7d3e993c47f5655c51c0d3ce55fcb3
SHA256

1a8289ce4d7f47c505dbf8f373cd88b8252b7e77c1ee8c169c6aeb2615869dd2
SHA512

e5ba42443ed0bdbe7abff151cf782985604c53d6c344470e4517603a9330cf4b7f8fd021f28d5d70a0fde877571d7afa1669186cf35c0533a178226ccaf8e210
SSDEEP

768:IGYqZRVGY9Cl1ZThNYRumt6+d2kbkjB+W+v1aJPOTC:IGYqW++42/jBH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
65c8b0ffb9c2b05b180ace721fba2852_JaffaCakes118

Files

65c8b0ffb9c2b05b180ace721fba2852_JaffaCakes118
.exe windows:4 windows x86 arch:x86

1cd354a733168f71402e7a8c87dd93ba

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateProcessA
CreateThread
ExitProcess
ExitThread
FreeLibrary
GetModuleHandleA
GetPrivateProfileIntA
GetPrivateProfileStringA
GetProcAddress
GetProcessHeap
GetThreadContext
GetVersionExA
HeapAlloc
HeapFree
LoadLibraryA
MapViewOfFile
CreateFileMappingA
ResumeThread
SetEvent
SetFilePointer
SetThreadContext
SetThreadPriority
Sleep
SuspendThread
TerminateThread
UnmapViewOfFile
VirtualAlloc
VirtualFree
VirtualProtect
VirtualProtectEx
WriteFile
WritePrivateProfileStringA
WriteProcessMemory
CreateEventA
CreateFileA
ReadProcessMemory
CloseHandle
GetModuleFileNameA

user32

EndDialog
GetDlgItem
GetDlgItemTextA
GetForegroundWindow
GetMessageA
DestroyWindow
IsDialogMessageA
IsIconic
LoadIconA
MessageBoxA
MsgWaitForMultipleObjectsEx
PostMessageA
PostQuitMessage
PostThreadMessageA
DispatchMessageA
SendMessageA
SetDlgItemInt
SetDlgItemTextA
SetForegroundWindow
SetWindowPos
SetWindowTextA
ShowWindow
TranslateMessage
DefWindowProcA
CreateWindowExA
CheckDlgButton
GetWindowRect
CreateDialogParamA
RegisterClassExA
DialogBoxParamA

comdlg32

GetOpenFileNameA

ws2_32

socket
send
recv
bind
listen
inet_ntoa
inet_addr
gethostbyname
connect
closesocket
accept
WSAStartup
WSAGetLastError
WSAAsyncSelect
WSACleanup

winmm

timeGetTime
timeBeginPeriod
timeEndPeriod

wininet

InternetReadFile
InternetOpenUrlA
InternetOpenA
InternetCloseHandle

shell32

ShellExecuteA

core

FileMapMessage

Exports

Exports

check_for_updates
console_message
create_send_header
crypt_packet
drop_packet
get_moduleid
nexus_memory_access
queue_packet
register_settings
request_unload
safe_globals
send_keys
send_queue

Sections

.text
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1cd354a733168f71402e7a8c87dd93ba

Headers

File Characteristics

Imports

kernel32

user32

comdlg32

ws2_32

winmm

wininet

shell32

core

Exports

Exports

Sections

.text Size: 21KB - Virtual size: 20KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 8KB

.rsrc Size: 2KB - Virtual size: 2KB

.text
Size: 21KB - Virtual size: 20KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 8KB

.rsrc
Size: 2KB - Virtual size: 2KB