72fce7057fda1bb34b8bb629c0fd81f2_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

72fce7057fda1bb34b8bb629c0fd81f2_JaffaCakes118
Size

197KB
MD5

72fce7057fda1bb34b8bb629c0fd81f2
SHA1

cfc2b53aaf81fc0d292baa4f2a526557d31a615e
SHA256

b5520c180c4e292616541a72392c947708c444d499a612e0d589b01b3fee2dc3
SHA512

6b7788e3b5f3b5429ac31161136abe2586873b93a4e63b7afc1d16b74af0398bf537ad1b68fd137c5b104a4dbefd13ce76a8bb1272e0c4fbdf3b7d65d226b6cd
SSDEEP

3072:beayA5QRdDbXKKIS/HjpTbvzN+95vU+Qs9VQrigc3Rc+IFrld0RY9or:J55mx11/HdzSlMriPR4xd0RKor

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
72fce7057fda1bb34b8bb629c0fd81f2_JaffaCakes118

Files

72fce7057fda1bb34b8bb629c0fd81f2_JaffaCakes118
.exe windows:5 windows x86 arch:x86

536c4b77b51e3cf5b63d6d01e56c70f9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

socket
closesocket
WSAStartup
WSACleanup
send
connect
htons
sendto
recv
gethostbyname

psapi

GetModuleBaseNameA
EnumProcesses

urlmon

URLDownloadToFileA

kernel32

GetConsoleCP
SetFilePointer
HeapReAlloc
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetStringTypeW
GetSystemTimeAsFileTime
GetComputerNameA
CreateFileA
FindResourceA
FreeResource
FreeLibrary
LoadResource
HeapAlloc
GetCurrentProcess
HeapFree
GetTickCount
GetProcessHeap
ExpandEnvironmentStringsA
CreateRemoteThread
GetWindowsDirectoryA
WriteFile
OpenProcess
GetConsoleMode
Sleep
SizeofResource
GetFileAttributesA
CreateProcessA
GetEnvironmentVariableA
GetLastError
lstrcmpiA
GetProcAddress
CopyFileA
SetFileAttributesA
VirtualAllocEx
LoadLibraryA
LockResource
GetSystemInfo
GetModuleFileNameA
GetModuleHandleA
CreateMutexA
GetVersionExA
CloseHandle
GetTempPathA
WriteProcessMemory
CreateThread
lstrlenA
SetErrorMode
SetStdHandle
FlushFileBuffers
WriteConsoleW
SetEndOfFile
ReadFile
GetVolumeInformationA
WideCharToMultiByte
GetCurrentProcessId
QueryPerformanceCounter
CreateFileW
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
MultiByteToWideChar
EncodePointer
DecodePointer
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetModuleHandleW
ExitProcess
GetCommandLineA
HeapSetInformation
GetStartupInfoW
GetCPInfo
RaiseException
RtlUnwind
LCMapStringW
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
HeapCreate
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
InitializeCriticalSectionAndSpinCount
LoadLibraryW
GetLocaleInfoW
GetStdHandle
GetModuleFileNameW
HeapSize
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType

advapi32

RegCreateKeyExA
RegSetValueExA
RegCloseKey

shell32

ShellExecuteA

Sections

.text
Size: 142KB - Virtual size: 144KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 20.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.ocz
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

536c4b77b51e3cf5b63d6d01e56c70f9

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

psapi

urlmon

kernel32

advapi32

shell32

Sections

.text Size: 142KB - Virtual size: 144KB

.rdata Size: 27KB - Virtual size: 28KB

.data Size: 6KB - Virtual size: 20.2MB

.rsrc Size: 17KB - Virtual size: 20KB

.ocz Size: 512B - Virtual size: 4KB

.text
Size: 142KB - Virtual size: 144KB

.rdata
Size: 27KB - Virtual size: 28KB

.data
Size: 6KB - Virtual size: 20.2MB

.rsrc
Size: 17KB - Virtual size: 20KB

.ocz
Size: 512B - Virtual size: 4KB