8cee208c635df44e1c2dda752813a42b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

8cee208c635df44e1c2dda752813a42b_JaffaCakes118
Size

3.7MB
MD5

8cee208c635df44e1c2dda752813a42b
SHA1

5ca5a32a76a3206309d2a895c97034f1c354b64a
SHA256

31f09d2a05085aada62fdbc8f6974fd2d3a96dafe9540f199fad4ca92e1c7996
SHA512

9240b124fde077b116dc0206c049233b50ca518326c6988e915b0409cc2f9fe8aa922227e6b0ca6594a7c36d447e97b1664d740faf70043300d817f2278750db
SSDEEP

98304:yOe3xnMKKH/xhcsKiLZnaGL6EvsGWiKnuyes8w1MLZlSerQt:Dk2csKSnaGDvfKukj1Mdjro

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8cee208c635df44e1c2dda752813a42b_JaffaCakes118

Files

8cee208c635df44e1c2dda752813a42b_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b92c983e5c0971d62016b7a5b5099e36

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

ntohl
gethostname
closesocket
WSARecvFrom
WSAGetServiceClassInfoW
WSASetLastError
WSALookupServiceEnd
WSAResetEvent
WSALookupServiceNextW
htonl

user32

PostThreadMessageW
EnumDisplaySettingsExW
GetSysColor
DrawIcon
GetParent
CreateWindowExA
DrawTextExA
ShowScrollBar
RegisterWindowMessageW
ChangeClipboardChain
CopyAcceleratorTableA
SetPropW
PostThreadMessageA
GetMenuItemRect
GetDoubleClickTime
CreateMenu
GetScrollPos
TrackPopupMenuEx
SwitchDesktop
IsMenu
CharLowerBuffW
SetDlgItemTextW
GetWindowTextLengthW
OemKeyScan
WindowFromPoint
FlashWindowEx
ToAscii
CheckMenuRadioItem
SetWindowTextA
LoadImageW
ShowOwnedPopups
UnionRect
GetDCEx

comdlg32

PrintDlgA
GetOpenFileNameW

version

VerFindFileA

ole32

OleCreateLink
OleBuildVersion

kernel32

FormatMessageA
EnumSystemCodePagesA
SetConsoleOutputCP
GetLargestConsoleWindowSize
CloseHandle
RemoveDirectoryA
WritePrivateProfileStringW
_hread
PeekConsoleInputW
CreateMutexA
AreFileApisANSI
SetThreadPriorityBoost
SetCurrentDirectoryA
SizeofResource
GlobalAddAtomA
SetFileTime
ExitProcess
GlobalGetAtomNameW
PulseEvent
SetVolumeLabelA
GetModuleFileNameW
GetHandleInformation
CopyFileExW
VirtualProtect
GetCommandLineW
GetTempPathW
SetEndOfFile
VirtualUnlock
GetTimeZoneInformation
lstrcmpiW
CompareStringW
FindCloseChangeNotification
SetMailslotInfo
SetProcessShutdownParameters
GetFileInformationByHandle
ReadFile
CreateMutexW
GetOverlappedResult
FreeLibrary
OpenSemaphoreW
LocalReAlloc
GetSystemTimeAsFileTime
GetThreadContext
GlobalFindAtomA

msvcrt

fwrite
_lseeki64
_beginthreadex
remove
clock
wcslen
_mbsnbcpy
setbuf
_mbsupr
setvbuf
system
strftime
_ismbblead
_popen
mktime
_makepath
_itoa
getchar
tmpnam
islower
_cexit
wcstol
_filelength
_mbsnbcnt
_execlp

Sections

.text
Size: 5KB - Virtual size: 223KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b92c983e5c0971d62016b7a5b5099e36

Headers

File Characteristics

Imports

ws2_32

user32

comdlg32

version

ole32

kernel32

msvcrt

Sections

.text Size: 5KB - Virtual size: 223KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 3.4MB - Virtual size: 3.4MB

.rsrc Size: 19KB - Virtual size: 18KB

.text
Size: 5KB - Virtual size: 223KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 3.4MB - Virtual size: 3.4MB

.rsrc
Size: 19KB - Virtual size: 18KB