701abba8fa10e108e4d32518bdd0f453_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

701abba8fa10e108e4d32518bdd0f453_JaffaCakes118
Size

252KB
MD5

701abba8fa10e108e4d32518bdd0f453
SHA1

974bcb9dbf6f3a778c50e10bacbc062fc098f5a3
SHA256

6ae6fcfc7cc9a0e190de61edd2419be250cc989cb5b8948685e9364e3402a33e
SHA512

37db912dd292ad1124c383bc4da6cabaf01a45e275c1beb2042616bc97a0471e7c6e2caffb94f13ca14b7b5e3354113ccb37ba5ca0ae09afd364f5f8ac3d402d
SSDEEP

6144:/7A4lYRA+xTTr4bzxznuUgveCvkYORc0zbRi4DjLthg7kmT:/7AbAs0bzx7uUgmAk603d0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
701abba8fa10e108e4d32518bdd0f453_JaffaCakes118

Files

701abba8fa10e108e4d32518bdd0f453_JaffaCakes118
.exe windows:4 windows x86 arch:x86

0bd199359ac2157cb2cd75278ee15340

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

sendto
closesocket
WSAStartup
WSACleanup
socket
setsockopt
bind
inet_ntoa
ioctlsocket

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

kernel32

HeapFree
CloseHandle
WriteFile
GetLastError
CreateFileA
HeapAlloc
SizeofResource
LockResource
LoadResource
FindResourceA
Sleep
TerminateProcess
OpenProcess
GetCurrentProcessId
GetCurrentProcess
GetComputerNameA
WinExec
MultiByteToWideChar
SetEndOfFile
SetFilePointer
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetFileSize
GetWindowsDirectoryA
MoveFileExA
CopyFileA
GetTempPathA
SetFileAttributesA
GetFileAttributesA
SetHandleCount
SetCurrentDirectoryA
GetModuleFileNameA
GetVersionExA
GetProcessHeap
lstrlenA
UnhandledExceptionFilter
GetStdHandle
GetProcAddress
ExitProcess
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
LCMapStringW
WideCharToMultiByte
LCMapStringA
GetCPInfo
GetOEMCP
FreeEnvironmentStringsA
GetACP
GetCommandLineA
GetStartupInfoA
GetModuleHandleA
GetSystemTimeAsFileTime
CreateDirectoryA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetFileType
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
VirtualProtect
GetSystemInfo
VirtualQuery
LoadLibraryA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
HeapSize
GetSystemDirectoryA
RtlUnwind

user32

TranslateAcceleratorA
GetMessageA
LoadAcceleratorsA
TranslateMessage
DispatchMessageA
UnregisterClassA
LoadIconA
LoadCursorA
RegisterClassExA
LoadStringA
PostQuitMessage
PostMessageA
BeginPaint
GetClientRect
DrawTextA
EndPaint
DefWindowProcA
DialogBoxParamA
GetDC
ReleaseDC
FindWindowA
SendMessageA
wsprintfA
ExitWindowsEx
EnumWindows
keybd_event
PostThreadMessageA
GetClassNameA
GetWindowThreadProcessId
GetDlgItemTextA
MessageBeep
MessageBoxA
SetDlgItemTextA
SetFocus
SendDlgItemMessageA
GetDlgItem
SetWindowTextA
EndDialog
CreateWindowExA
ShowWindow
UpdateWindow
DestroyWindow

gdi32

GetDeviceCaps

advapi32

RegQueryValueExA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
GetUserNameA
RegCloseKey
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegDeleteValueA

ole32

CoInitialize
CoCreateInstance

Sections

.text
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 188KB - Virtual size: 187KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0bd199359ac2157cb2cd75278ee15340

Headers

File Characteristics

Imports

wsock32

version

kernel32

user32

gdi32

advapi32

ole32

Sections

.text Size: 36KB - Virtual size: 33KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 12KB - Virtual size: 13KB

.rsrc Size: 188KB - Virtual size: 187KB

.text
Size: 36KB - Virtual size: 33KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 12KB - Virtual size: 13KB

.rsrc
Size: 188KB - Virtual size: 187KB