8901ef8b798dc526353965f11ce45555_JaffaCakes118

General

Target

8901ef8b798dc526353965f11ce45555_JaffaCakes118
Size

88KB
MD5

8901ef8b798dc526353965f11ce45555
SHA1

ba1afc63044f657879e491852edf18ea58452d6e
SHA256

d38703d236e47f0a219fc53d0b6bb86499ec16ac7751af622222c4a74169f1f8
SHA512

387b7ab8b9abd3d5018d876089dd89e3ed9dda1bd25928a64f13346261cee3151868da5bde900879a7774c0bad9bbc787a8aa17ed271c13e656e58532a61b57a
SSDEEP

1536:98Zp/FR/IxyfVILJNfQT2TuNWrj74oExMXMgsbN7Wl0VFl3b:a/IPqdcLuxovKBWoFl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8901ef8b798dc526353965f11ce45555_JaffaCakes118

Files

8901ef8b798dc526353965f11ce45555_JaffaCakes118
.exe windows:4 windows x86 arch:x86

cb92ef7bbf7ed1b7cc54ab13a511ea5c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
ReadFile
GetFileSize
CreateFileA
FindNextFileA
FindFirstFileA
GetEnvironmentVariableA
HeapAlloc
GetProcessHeap
HeapFree
GetSystemInfo
VirtualProtect
GetLocaleInfoA
ExitProcess
RtlUnwind
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersionExA
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
InterlockedExchange
VirtualQuery
GetProcAddress
TerminateProcess
GetCurrentProcess
WriteFile
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetLastError
GetEnvironmentStringsW
SetHandleCount
GetFileType
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
InitializeCriticalSection
LoadLibraryA
GetACP
GetOEMCP
GetCPInfo
HeapSize
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW

user32

wsprintfA

ws2_32

inet_addr
connect
send
recv
htons
gethostname
gethostbyname
WSACleanup
WSAStartup
socket
closesocket

Exports

Exports

pcre_callout
pcre_compile
pcre_compile2
pcre_exec
pcre_free
pcre_malloc
pcre_stack_free
pcre_stack_malloc

Sections

.text
Size: 68KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

cb92ef7bbf7ed1b7cc54ab13a511ea5c

Headers

File Characteristics

Imports

kernel32

user32

ws2_32

Exports

Exports

Sections

.text Size: 68KB - Virtual size: 64KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 4KB - Virtual size: 5KB

.text
Size: 68KB - Virtual size: 64KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 4KB - Virtual size: 5KB