87e882b8540ae42fe3e7fea28496780c_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

87e882b8540ae42fe3e7fea28496780c_JaffaCakes118
Size

148KB
MD5

87e882b8540ae42fe3e7fea28496780c
SHA1

ca65b2488c153833c1dad0e1f2d32af5f7f2849b
SHA256

2ee5322001d3af44eae35413114d7e4ba2421530f86da10cc83b18848bc0c4bf
SHA512

d68a26793614e8cf07e310208e3eaf72a4dc2d806e622ffbe269b8868780a29cafe0851ad02f73de9e81561b2ea8619ba6b529a67ce702eecb55a4591b2ff188
SSDEEP

3072:CGuhP6amSyWL+5FZ7QC0of4NY4rpKqx44tnhEea:PIZyM+aBNQO2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
87e882b8540ae42fe3e7fea28496780c_JaffaCakes118

Files

87e882b8540ae42fe3e7fea28496780c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

e4c442459efd255897bd137446d623f7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

recvfrom
send
recv
htons
getservbyport
getprotobynumber
socket
setsockopt
getservbyname
htonl

wtsapi32

WTSOpenServerA
WTSQueryUserToken
WTSCloseServer

uxtheme

GetThemeFont
GetThemeTextExtent
CloseThemeData

netapi32

NetWkstaGetInfo
NetWkstaSetInfo
NetGetAnyDCName
NetApiBufferFree

setupapi

SetupAddToDiskSpaceListA
SetupGetInfFileListA
SetupScanFileQueueA
SetupInstallFileA
SetupInstallFilesFromInfSectionA
SetupOpenAppendInfFileA
SetupOpenFileQueue
SetupCreateDiskSpaceListA
SetupGetSourceFileSizeA
SetupCloseFileQueue
SetupCloseInfFile
SetupCommitFileQueueA
SetupDecompressOrCopyFileA
SetupOpenInfFileA
SetupDestroyDiskSpaceList
SetupQueryDrivesInDiskSpaceListA
SetupRemoveFromDiskSpaceListA
SetupGetSourceFileLocationA

kernel32

FindNextChangeNotification
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
MultiByteToWideChar
GetOEMCP
GetACP
GetCPInfo
WriteFile
RtlUnwind
GetCurrentThread
GetLastError
TlsGetValue
SetLastError
TlsFree
TlsAlloc
TlsSetValue
GetCurrentThreadId
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetModuleFileNameA
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsBadWritePtr
HeapReAlloc
VirtualAlloc
FatalAppExitA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
VirtualFree
HeapCreate
HeapDestroy
Sleep
GetTickCount
LoadLibraryA
GetProcAddress
WriteConsoleW
FindFirstChangeNotificationA
HeapFree
HeapAlloc
GetCommandLineA
GetVersion
ExitProcess

Sections

.text
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 56KB - Virtual size: 684KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 760B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e4c442459efd255897bd137446d623f7

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

wtsapi32

uxtheme

netapi32

setupapi

kernel32

Sections

.text Size: 24KB - Virtual size: 20KB

.rdata Size: 60KB - Virtual size: 57KB

.data Size: 56KB - Virtual size: 684KB

.rsrc Size: 4KB - Virtual size: 760B

.text
Size: 24KB - Virtual size: 20KB

.rdata
Size: 60KB - Virtual size: 57KB

.data
Size: 56KB - Virtual size: 684KB

.rsrc
Size: 4KB - Virtual size: 760B