832b2b62dbf68e9866043789b3ef625b_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

832b2b62dbf68e9866043789b3ef625b_JaffaCakes118
Size

148KB
MD5

832b2b62dbf68e9866043789b3ef625b
SHA1

8f5b0eeb1a01f3ead81c1efb37aa9f9fe4637092
SHA256

7a74ac23c7957db6f310881351f27cc8376fe2210a6a94d7f48ee9a9f7713e88
SHA512

f48c601600eda2d3bf32f5cfc7c30781e51d7e76b37c578f79d9d6406dbf8c702066ac83c903ac6e047cb57503db0970642f92338e9378b29670423293128434
SSDEEP

3072:CGuhP6amSyWL+5FZ7QC0of4NY4rpKqx44tnhEpa:PIZyM+aBNQO2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
832b2b62dbf68e9866043789b3ef625b_JaffaCakes118

Files

832b2b62dbf68e9866043789b3ef625b_JaffaCakes118
.exe windows:4 windows x86 arch:x86

e4c442459efd255897bd137446d623f7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

recvfrom
send
recv
htons
getservbyport
getprotobynumber
socket
setsockopt
getservbyname
htonl

wtsapi32

WTSOpenServerA
WTSQueryUserToken
WTSCloseServer

uxtheme

GetThemeFont
GetThemeTextExtent
CloseThemeData

netapi32

NetWkstaGetInfo
NetWkstaSetInfo
NetGetAnyDCName
NetApiBufferFree

setupapi

SetupAddToDiskSpaceListA
SetupGetInfFileListA
SetupScanFileQueueA
SetupInstallFileA
SetupInstallFilesFromInfSectionA
SetupOpenAppendInfFileA
SetupOpenFileQueue
SetupCreateDiskSpaceListA
SetupGetSourceFileSizeA
SetupCloseFileQueue
SetupCloseInfFile
SetupCommitFileQueueA
SetupDecompressOrCopyFileA
SetupOpenInfFileA
SetupDestroyDiskSpaceList
SetupQueryDrivesInDiskSpaceListA
SetupRemoveFromDiskSpaceListA
SetupGetSourceFileLocationA

kernel32

FindNextChangeNotification
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
MultiByteToWideChar
GetOEMCP
GetACP
GetCPInfo
WriteFile
RtlUnwind
GetCurrentThread
GetLastError
TlsGetValue
SetLastError
TlsFree
TlsAlloc
TlsSetValue
GetCurrentThreadId
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetModuleFileNameA
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsBadWritePtr
HeapReAlloc
VirtualAlloc
FatalAppExitA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
VirtualFree
HeapCreate
HeapDestroy
Sleep
GetTickCount
LoadLibraryA
GetProcAddress
WriteConsoleW
FindFirstChangeNotificationA
HeapFree
HeapAlloc
GetCommandLineA
GetVersion
ExitProcess

Sections

.text
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 56KB - Virtual size: 684KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 760B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e4c442459efd255897bd137446d623f7

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

wtsapi32

uxtheme

netapi32

setupapi

kernel32

Sections

.text Size: 24KB - Virtual size: 20KB

.rdata Size: 60KB - Virtual size: 57KB

.data Size: 56KB - Virtual size: 684KB

.rsrc Size: 4KB - Virtual size: 760B

.text
Size: 24KB - Virtual size: 20KB

.rdata
Size: 60KB - Virtual size: 57KB

.data
Size: 56KB - Virtual size: 684KB

.rsrc
Size: 4KB - Virtual size: 760B