6f36a95b03009cf8b0b7a2783e31634a_JaffaCakes118

General

Target

6f36a95b03009cf8b0b7a2783e31634a_JaffaCakes118
Size

20KB
MD5

6f36a95b03009cf8b0b7a2783e31634a
SHA1

4acb55235c08855903c4fc1607c50960af808ca5
SHA256

ac631c898791ce57c37b8d1a68680413a5271fc279c7294459e40369187e3d03
SHA512

46aed5bfd6560ea2045f0b54d6ddc375b353abe39100c6d83893ec4596f57dc5b9deb21416e72290b02d7368a0acbad1b7df95a418a4dde16fd0b76660880890
SSDEEP

384:zjPJ+aZw30s1vJSPKPYeuUYVK/3mD4qvwDMWbni:PdZw30Y8yAeuUuA3WaD3z

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6f36a95b03009cf8b0b7a2783e31634a_JaffaCakes118

Files

6f36a95b03009cf8b0b7a2783e31634a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

fa62ca2748e4ae06f2e64b6c775373aa

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\projects\soft\sloader_conc12np1\svcloader\Release\svcloader.pdb

Imports

ws2_32

socket
WSACleanup
WSAStartup
inet_addr
gethostbyname
htons
setsockopt
connect
send
recv
closesocket

kernel32

Sleep
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
VirtualQuery
GetVersionExA
RtlUnwind
CreateEventA
CreateSemaphoreA
ReleaseSemaphore
QueryPerformanceCounter
CloseHandle
DeviceIoControl
CreateFileA
CreateProcessA
WriteFile
GetTempFileNameA
GetTempPathA
ResumeThread
SetThreadContext
WriteProcessMemory
VirtualAllocEx
ReadProcessMemory
GetThreadContext
lstrcatA
GetEnvironmentVariableA
GetLastError
CreateMutexA
IsDebuggerPresent
OpenProcess
LeaveCriticalSection
VirtualAlloc
EnterCriticalSection
ExitProcess
DeleteCriticalSection
HeapFree
VirtualFree
TerminateThread
CreateThread
WaitForMultipleObjects
InitializeCriticalSection
HeapAlloc
GetProcessHeap
WaitForSingleObject
SetEvent

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 776B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fa62ca2748e4ae06f2e64b6c775373aa

Headers

File Characteristics

PDB Paths

Imports

ws2_32

kernel32

Sections

.text Size: 11KB - Virtual size: 11KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 1024B - Virtual size: 1KB

.rsrc Size: 512B - Virtual size: 176B

.reloc Size: 1024B - Virtual size: 776B

.text
Size: 11KB - Virtual size: 11KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 1024B - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 176B

.reloc
Size: 1024B - Virtual size: 776B