8485c4f49462e0c684de668e627ba31c_JaffaCakes118

General

Target

8485c4f49462e0c684de668e627ba31c_JaffaCakes118
Size

38KB
MD5

8485c4f49462e0c684de668e627ba31c
SHA1

5cbf26ecb4166c899b0f38da8fc6e1785cb0b7d5
SHA256

ffc62d01f74a0fb53023ab18baf6f43ac4baddcc5d599c5e681be7c6b592ed13
SHA512

f5302278997ab67cc001e8b3d5eb33c9f05b3a50b171c2649c1587c7d6a76a679eb378e535f24b210916ed13db52eefc947d9422858c8a4c6859577defe7072e
SSDEEP

768:cnzNSu2YN1NWxZs+RJjtM7rrxX0cNfjfVStgFdqhyKE/YzYBTwdMKWTdrJP:UBSu2YnCZrPjtMvrxkcNfjfVS6F7K3zc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8485c4f49462e0c684de668e627ba31c_JaffaCakes118

Files

8485c4f49462e0c684de668e627ba31c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

560553d607b68acd2a8a29abdbc2ba3a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegEnumKeyExA
RegQueryInfoKeyA
RegCloseKey

shlwapi

StrStrA
StrToIntA
wnsprintfA

ws2_32

recvfrom
sendto
WSAGetLastError
ioctlsocket
WSAStartup
WSASetLastError
select
inet_ntoa
__WSAFDIsSet
htons
gethostbyname
socket
setsockopt
connect
recv
send
shutdown
getsockname
htonl
bind
inet_addr
getsockopt
closesocket

kernel32

Sleep
lstrcpyA
lstrcpynA
GetVersion
GetStartupInfoA
CreateProcessA
ExitProcess
lstrlenA
HeapFree
GetLastError
IsBadWritePtr
HeapSize
HeapReAlloc
GetProcessHeap
HeapAlloc
HeapValidate
ReleaseMutex
WaitForSingleObject
WriteFile
CreateFileA
GetFileSize
ReadFile
GetModuleHandleA
OpenMutexA
CreateMutexA
lstrcatA
GetTimeZoneInformation
GetSystemTime
CreateThread
OpenFile
IsBadReadPtr
ExitThread
GetTickCount
SetLastError
CloseHandle
GetCurrentThreadId

user32

CharLowerA
wsprintfA

dnsapi

DnsExtractRecordsFromMessage_W
DnsQuery_A
DnsRecordListFree

Exports

Exports

?BG@@YAPAXXZ

Sections

.text
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

560553d607b68acd2a8a29abdbc2ba3a

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

shlwapi

ws2_32

kernel32

user32

dnsapi

Exports

Exports

Sections

.text Size: 32KB - Virtual size: 32KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 2KB - Virtual size: 103KB

.text
Size: 32KB - Virtual size: 32KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 2KB - Virtual size: 103KB