a06f5ed106f4fd70a262d5ff75b78d20_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

a06f5ed106f4fd70a262d5ff75b78d20_JaffaCakes118
Size

76KB
MD5

a06f5ed106f4fd70a262d5ff75b78d20
SHA1

efd01f95b3b823c3db4c1872f57a48c3f25eeca7
SHA256

a208cc04a441c5e156bd2513ca1586244c3f11e2a3e3e019d673b15b67fa4ab2
SHA512

a5646166994a10e9064b2b40c39f4f9cf938d17f5a3b1e19e5f8977c8b98b2d9531ad45855c73aecb4a53f0e0861854ce2546d25ca245f7745dd202276f6729a
SSDEEP

1536:s+znPXj4cupMs+v2XHrnejN+ZNKD5o/jniykbYnfRpbbBl5uW2c:sIjfKHrckLi1YfRpRl5uW2c

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a06f5ed106f4fd70a262d5ff75b78d20_JaffaCakes118

Files

a06f5ed106f4fd70a262d5ff75b78d20_JaffaCakes118
.exe windows:5 windows x86 arch:x86

c34c0bd1b9434f8dcf6b71ea39d1993a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

sendto
ioctlsocket
inet_addr
gethostbyname
select
WSAStartup
WSACleanup
htons
socket
connect
send
closesocket
recv

user32

wsprintfA

kernel32

GetStringTypeA
LCMapStringW
LCMapStringA
ReadFile
GetProcessHeap
SetEndOfFile
HeapSize
SetEnvironmentVariableA
CompareStringW
ExitProcess
GetLastError
CreateMutexA
Sleep
SetErrorMode
IsDebuggerPresent
CloseHandle
CreateProcessA
ExitThread
GetTempPathA
CopyFileA
GetStringTypeW
GetFileAttributesA
lstrcmpiA
GetWindowsDirectoryA
GetModuleFileNameA
GetModuleHandleA
ExpandEnvironmentStringsA
WriteFile
CreateFileA
ReleaseMutex
lstrlenA
GetVersionExA
CreateThread
GetTickCount
GetComputerNameA
GetLocaleInfoA
WaitForSingleObject
SetFileAttributesA
UnhandledExceptionFilter
CompareStringA
IsValidCodePage
GetModuleHandleW
GetProcAddress
HeapAlloc
GetSystemTimeAsFileTime
GetCommandLineA
GetStartupInfoA
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
HeapFree
EnterCriticalSection
LeaveCriticalSection
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
RtlUnwind
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
DeleteCriticalSection
GetStdHandle
LoadLibraryA
InitializeCriticalSectionAndSpinCount
VirtualFree
VirtualAlloc
HeapReAlloc
HeapCreate
RaiseException
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetCurrentProcessId
SetStdHandle
FlushFileBuffers
SetFilePointer
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
MultiByteToWideChar
GetCPInfo
GetACP
GetOEMCP

advapi32

RegDeleteKeyA
RegCreateKeyA
RegCloseKey
RegCreateKeyExA
RegSetValueExA
RegDeleteValueA

shlwapi

PathRemoveFileSpecA

Sections

.text
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c34c0bd1b9434f8dcf6b71ea39d1993a

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

user32

kernel32

advapi32

shlwapi

Sections

.text Size: 56KB - Virtual size: 56KB

.rdata Size: 13KB - Virtual size: 12KB

.data Size: 5KB - Virtual size: 15KB

.rsrc Size: 512B - Virtual size: 436B

.text
Size: 56KB - Virtual size: 56KB

.rdata
Size: 13KB - Virtual size: 12KB

.data
Size: 5KB - Virtual size: 15KB

.rsrc
Size: 512B - Virtual size: 436B