Static task: static1
Behavioral task: behavioral1
Sample: 6f644c42d10dcb5631c2a1fa32329a9f_JaffaCakes118.exe
Resource: win7-20240705-en
Behavioral task: behavioral2
Sample: 6f644c42d10dcb5631c2a1fa32329a9f_JaffaCakes118.exe
Resource: win10v2004-20240709-en
General
Target: 6f644c42d10dcb5631c2a1fa32329a9f_JaffaCakes118
Size: 295KB
MD5: 6f644c42d10dcb5631c2a1fa32329a9f
SHA1: 80f33ff4d1812cbd7dfa37c7c963ba2413cce2c4
SHA256: 6d6fbf93661aedc24fac21ada7b20a3cf66648ca84553836216dcb01b3f947ac
SHA512: 5709f1cafed075d4fd8cd001f9485caff41afa5b4ea027c96ce4a7b688fe332dbc315f4b4e2af62b94b226f0dc976edaecfa00b1b87798239b9dff07241ea5d3
SSDEEP: 6144:CutnDbPDJQE/JkOXhvCnjY0hMcbhwb2AeFXu:DFlQ2rXhvCjY0WSAeFXu
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 6f644c42d10dcb5631c2a1fa32329a9f_JaffaCakes118
Files
6f644c42d10dcb5631c2a1fa32329a9f_JaffaCakes118.exe windows:4 windows x86 arch:x86
448860320c85de15946c3f6f0eb2d8e6
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ws2_32
WSADuplicateSocketA
getservbyname
WSACleanup
WSAIsBlocking
WSAAddressToStringW
WSAInstallServiceClassW
recv
WSACancelAsyncRequest
comdlg32
FindTextA
ChooseColorA
comctl32
ImageList_GetBkColor
ord17
PropertySheetW
ImageList_Duplicate
oleaut32
SafeArrayGetLBound
SafeArrayRedim
user32
TrackPopupMenuEx
GetMenuItemInfoW
SetScrollRange
ChangeMenuA
GetDlgItemInt
OemToCharBuffA
ModifyMenuA
SetDlgItemTextW
WaitForInputIdle
GetClipboardOwner
IsZoomed
CharUpperBuffW
PostMessageA
CharLowerBuffW
GetSystemMenu
HideCaret
GetClassNameW
MenuItemFromPoint
SetWindowPos
LoadBitmapW
CopyAcceleratorTableA
LoadIconA
LoadKeyboardLayoutW
MapVirtualKeyW
SetCursor
DrawEdge
SetProcessWindowStation
DefMDIChildProcA
SetForegroundWindow
wvsprintfA
SetClassLongW
advapi32
RegSetValueW
OpenThreadToken
RegReplaceKeyW
LockServiceDatabase
SetThreadToken
EqualSid
RevertToSelf
AccessCheckAndAuditAlarmA
ImpersonateNamedPipeClient
CryptImportKey
AbortSystemShutdownW
RegEnumValueW
RegFlushKey
CryptSetHashParam
RegisterServiceCtrlHandlerA
GetNamedSecurityInfoW
kernel32
ConnectNamedPipe
GetModuleHandleA
GetDriveTypeW
FlushFileBuffers
GetCPInfo
EnumSystemCodePagesW
LocalAlloc
GetProfileStringA
GetThreadPriority
SetSystemTime
GetCommState
lstrcatW
GetVolumeInformationW
SetProcessAffinityMask
CreateFileW
DeleteFiber
CreateProcessA
LocalLock
SetEvent
DebugBreak
SetupComm
GetProcessTimes
GetVersion
PrepareTape
SearchPathW
SuspendThread
GetTapeParameters
ExitProcess
GetTempPathW
ole32
CoFreeUnusedLibraries
OleGetIconOfClass
CoTaskMemRealloc
CoReleaseServerProcess
gdi32
CreateDCW
GetTextColor
GetFontData
Ellipse
GetTextCharsetInfo
GetROP2
CloseMetaFile
BitBlt
SetTextColor
CreateICW
version
GetFileVersionInfoA
Sections
.text Size: 4KB - Virtual size: 220KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 270KB - Virtual size: 270KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 16KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ