873d2417d4b69f9df7ba52a5921a4e9f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

873d2417d4b69f9df7ba52a5921a4e9f_JaffaCakes118
Size

164KB
MD5

873d2417d4b69f9df7ba52a5921a4e9f
SHA1

92af832966c2e1e8bcb7208969221b863a204aa1
SHA256

c474fdc218f31bdf9f1dd325cb9319b2828d1e55c7384c554704b594f5c28708
SHA512

b954731a1bc811e727f8e3f9c25493b9cc40c39494c174ff5181d3532f85a921f2a4b1bdc581a880f3bf74ccd1cff293730be4c32e5a1048236bdfc3625974c5
SSDEEP

3072:gNr2l+9dJpiUe1K1JpHjK54MMyIcaWzXR9JegE/vZpLSkm9y4Ns256G:gB2w9dJp0s1JJmaMM/cfDRLE5pOV9P6y

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
873d2417d4b69f9df7ba52a5921a4e9f_JaffaCakes118

Files

873d2417d4b69f9df7ba52a5921a4e9f_JaffaCakes118
.exe windows:4 windows x86 arch:x86

28b01cd143ea13d5aaf1f5bee95a319f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

socket
setsockopt
WSAConnect
WSASocketA
WSAWaitForMultipleEvents
getprotobynumber
WSACloseEvent

dbghelp

SymCleanup
StackWalk
StackWalk64
SearchTreeForFile
MapDebugInformation
MakeSureDirectoryPathExists
ImageRvaToVa
ImageRvaToSection
ImageNtHeader
ImageDirectoryEntryToDataEx
GetTimestampForLoadedLibrary
FindFileInSearchPath
FindFileInPath
FindDebugInfoFile
SymGetLineNext
SymGetLineNext64
SymGetLineFromName
SymGetLineFromName64
SymGetLineFromAddr
SymEnumSourceFiles
SymGetLineFromAddr64
SymFunctionTableAccess
SymEnumerateSymbols64
SymEnumerateModules
SymEnumerateModules64
SymEnumTypes
SymEnumSymbols
UnmapDebugInformation
SymUnloadModule
SymUnloadModule64
SymUnDName
SymUnDName64
SymSetSearchPath
SymSetOptions
SymMatchString
SymMatchFileName
SymLoadModule
SymGetSymNext
SymGetSymNext64
SymGetSymFromName
SymEnumSym
SymGetSearchPath
SymGetOptions
SymGetModuleInfoW
SymGetModuleInfoW64
SymGetModuleInfo
SymGetLinePrev
SymGetLinePrev64

hlink

ord3
ord6
ord11
ord12
ord16
ord20
ord23
ord24
ord30
ord29
ord8
ord22

iphlpapi

IcmpCloseHandle
IcmpSendEcho2
IcmpSendEcho
IcmpCreateFile

imagehlp

BindImage
ImageEnumerateCertificates
ImageGetCertificateData
ImageGetCertificateHeader
ImageGetDigestStream
ImageRemoveCertificate
ImageUnload
MapAndLoad
MapFileAndCheckSumA
ReBaseImage
SetImageConfigInformation
SplitSymbols
UpdateDebugInfoFileEx
ImageLoad

msvcrt

fread
fclose
memmove
fputs
fwrite
fseek
fopen
_onexit
__dllonexit
_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
??2@YAPAXI@Z
atoi

kernel32

GetTempPathA
ResetEvent
PulseEvent
WaitForSingleObject
CreateEventA
GetModuleHandleA
GetStartupInfoA
WriteConsoleW

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 84KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 734KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

28b01cd143ea13d5aaf1f5bee95a319f

Headers

File Characteristics

Imports

ws2_32

dbghelp

hlink

iphlpapi

imagehlp

msvcrt

kernel32

Sections

.text Size: 28KB - Virtual size: 27KB

.rdata Size: 84KB - Virtual size: 81KB

.data Size: 48KB - Virtual size: 734KB

.text
Size: 28KB - Virtual size: 27KB

.rdata
Size: 84KB - Virtual size: 81KB

.data
Size: 48KB - Virtual size: 734KB