877793857218c3d9858a30f9929cf721_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

877793857218c3d9858a30f9929cf721_JaffaCakes118
Size

372KB
MD5

877793857218c3d9858a30f9929cf721
SHA1

87f523efb9ecf6e7ee71989240721a267967de89
SHA256

9f9af36b051aeea6345c51ce4b4917040302b51575860f9945ebad4f2aefd8e6
SHA512

b9fc164805017c5445325ee80536aa68d4b22d76cc03bf417f15b34dea4bce7aad9fc8c9a09ec3bff36d4d709aa6196ff1a251bbb6d140459d387705646cd7b6
SSDEEP

6144:QJelPqSPqjCKSPqR3PqqqqiMgJ6Sf3HPqq0KM2r5BChX4vajA6pKNoD:XKYMqLf3cKMk6hX4vajA6pKOD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
877793857218c3d9858a30f9929cf721_JaffaCakes118

Files

877793857218c3d9858a30f9929cf721_JaffaCakes118
.exe windows:4 windows x86 arch:x86

5c7d9483f31083923e235e8df906b863

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

htonl
ioctlsocket
send
accept
listen
closesocket
connect
shutdown
gethostbyname
recvfrom
recv
bind
inet_addr
htons
sendto
setsockopt
inet_ntoa
WSAStartup
WSACleanup
WSAGetLastError
WSAAsyncSelect
socket
WSAIoctl

kernel32

CompareStringW
GetOEMCP
GetACP
GetCPInfo
ReadFile
CreateFileA
FlushFileBuffers
SetStdHandle
GetStringTypeW
GetStringTypeA
SetFilePointer
IsBadCodePtr
SetUnhandledExceptionFilter
SetConsoleCtrlHandler
GetFileType
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
Sleep
LocalFree
CompareStringA
SetEndOfFile
CopyFileA
CreateThread
CloseHandle
TerminateThread
WaitForMultipleObjects
GetTickCount
ExitThread
GetProcAddress
LoadLibraryA
GetModuleFileNameA
UnhandledExceptionFilter
LCMapStringW
LCMapStringA
MultiByteToWideChar
HeapAlloc
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetLastError
HeapFree
SetEnvironmentVariableA
GetCurrentProcessId
FormatMessageA
WideCharToMultiByte
GetTimeZoneInformation
HeapValidate
InterlockedIncrement
OutputDebugStringA
InterlockedDecrement
WriteFile
GetStdHandle
HeapReAlloc
GetSystemTime
GetCommandLineA
GetStartupInfoA
GetVersion
RtlUnwind
IsBadWritePtr
IsBadReadPtr
DebugBreak
GetCurrentProcess
GetLocalTime
ExitProcess
TerminateProcess
GetModuleHandleA

user32

KillTimer
GetMessageA
TranslateMessage
DispatchMessageA
DefWindowProcA
SetTimer
DestroyWindow
UnregisterClassA
RegisterClassA
CreateWindowExA

advapi32

RegCreateKeyA
RegSetValueExA
RegCloseKey

odbc32

ord16
ord13
ord9
ord14
ord2
ord1
ord41
ord3
ord19
ord12
ord15

Sections

.text
Size: 272KB - Virtual size: 269KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 18.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5c7d9483f31083923e235e8df906b863

Headers

File Characteristics

Imports

ws2_32

kernel32

user32

advapi32

odbc32

Sections

.text Size: 272KB - Virtual size: 269KB

.rdata Size: 28KB - Virtual size: 24KB

.data Size: 8KB - Virtual size: 18.8MB

.idata Size: 4KB - Virtual size: 3KB

.reloc Size: 56KB - Virtual size: 55KB

.text
Size: 272KB - Virtual size: 269KB

.rdata
Size: 28KB - Virtual size: 24KB

.data
Size: 8KB - Virtual size: 18.8MB

.idata
Size: 4KB - Virtual size: 3KB

.reloc
Size: 56KB - Virtual size: 55KB