6f30bdab49c3572566eb63bd46367b82_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

6f30bdab49c3572566eb63bd46367b82_JaffaCakes118
Size

216KB
MD5

6f30bdab49c3572566eb63bd46367b82
SHA1

2ee20b83bb8d6a0a385dfae24191f386286f8c56
SHA256

8d6114bc9f1a3ed0e63e0fcae882eb5db2e1463e0fbf50631aa551868b918d54
SHA512

42df74569be058af92f3bbdeaa3c95ccac5ea885869818723f86e6a2b2ea5798f6e017a611c5667f129e7fe73b959070a87727baac3bb13d1c81549d89494a8b
SSDEEP

6144:TiiKbaoAAoa7rEq1sF9YLUmaJrOqvY/BncjESb:IHoaf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6f30bdab49c3572566eb63bd46367b82_JaffaCakes118

Files

6f30bdab49c3572566eb63bd46367b82_JaffaCakes118
.exe windows:4 windows x86 arch:x86

e5b1c37b9f469f29c8c5c27b7161daf8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
ResetEvent
GetLastError
CreateEventA
CreateMutexA
GetModuleFileNameA
OpenEventA
FreeConsole
FreeLibrary
GetCurrentProcessId
SetConsoleCtrlHandler
CloseHandle
WaitForSingleObject
CompareFileTime
FileTimeToSystemTime
ReadFile
GetFileTime
LocalFree
lstrlenA
FormatMessageA
GetVersionExA
HeapSize
lstrcpyA
SetEvent
GetProcessHeap
HeapAlloc
HeapFree
Sleep
LoadLibraryA
GetProcAddress
GetSystemTime
SystemTimeToFileTime
EnterCriticalSection
LeaveCriticalSection
GetCurrentThreadId
InitializeCriticalSection
GetFileSize
CreateFileA
SetEndOfFile
RtlUnwind
InterlockedDecrement
SetStdHandle
LCMapStringW
LCMapStringA
SetFilePointer
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
FlushFileBuffers
GetEnvironmentStrings
GetLocalTime
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetOEMCP
GetACP
GetCPInfo
WriteFile
InterlockedIncrement
HeapReAlloc
GetStringTypeW
GetStringTypeA
MultiByteToWideChar
TerminateProcess
GetCurrentProcess
ResumeThread
CreateThread
TlsSetValue
ExitThread
GetCommandLineA
GetVersion
TlsAlloc
SetLastError
TlsGetValue
HeapDestroy
HeapCreate
VirtualFree
DeleteCriticalSection
VirtualAlloc

user32

MessageBoxA

advapi32

RegisterServiceCtrlHandlerA
StartServiceCtrlDispatcherA
RegDeleteValueA
OpenServiceA
ControlService
QueryServiceStatus
DeleteService
RegOpenKeyA
RegSetValueExA
RegCloseKey
OpenSCManagerA
CreateServiceA
CloseServiceHandle
StartServiceA
SetServiceStatus

wsock32

send
recv
accept
bind
ioctlsocket
gethostbyname
htons
connect
select
__WSAFDIsSet
setsockopt
WSAStartup
ntohs
getsockname
closesocket
WSAGetLastError
inet_ntoa
inet_addr
socket
listen
htonl

wininet

InternetOpenA
InternetReadFile
FtpOpenFileA
InternetFindNextFileA
InternetGetLastResponseInfoA
FtpFindFirstFileA
InternetConnectA
InternetCloseHandle

iphlpapi

GetIfTable
GetIpAddrTable

Sections

.text
Size: 120KB - Virtual size: 118KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 80KB - Virtual size: 5.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

e5b1c37b9f469f29c8c5c27b7161daf8

Headers

File Characteristics

Imports

kernel32

user32

advapi32

wsock32

wininet

iphlpapi

Sections

.text Size: 120KB - Virtual size: 118KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 80KB - Virtual size: 5.3MB

.text
Size: 120KB - Virtual size: 118KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 80KB - Virtual size: 5.3MB