a131d7d177784de6946955e64dfe847a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a131d7d177784de6946955e64dfe847a_JaffaCakes118
Size

152KB
MD5

a131d7d177784de6946955e64dfe847a
SHA1

8acd54365fe2a7054d9a17cc7199b987b55bbbb7
SHA256

e981d6d454746c44cdfad873eeec0bb6a5a75bc5aec8b3cbe054bc726d79f1d4
SHA512

207e5c6f3991c1cd9496beb963d337401393f57ed25c27786dbfcc492905bb4de952f1ff4d17aec14672dd83f0fc5408ed32a1970361a3ea48bf9873f655d6da
SSDEEP

1536:RBt9TrwCcc1xqW2GJsMZp3waXx+Fv7vc1+mlQYLmxxPNTr/g8Dv6pWjog9tDx:L/wCcc4SZp3DXYn+0NPJDvljB9tD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a131d7d177784de6946955e64dfe847a_JaffaCakes118

Files

a131d7d177784de6946955e64dfe847a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

51baa70c0518d83ab24add6dff28590a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

getpeername
ioctlsocket
gethostname
connect
inet_ntoa
WSAStartup
inet_addr
select
WSAGetLastError
htons
ntohs
shutdown
setsockopt
sendto
recv
socket
closesocket
gethostbyname
send

wininet

InternetCloseHandle
InternetOpenA
InternetReadFile
InternetOpenUrlA
HttpQueryInfoA

kernel32

FlushFileBuffers
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
InterlockedExchange
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
RaiseException
SetFilePointer
CreateFileA
lstrlenA
WriteFile
lstrcatA
CloseHandle
DeleteFileA
lstrcpynA
FreeLibrary
HeapAlloc
SetEndOfFile
SystemTimeToFileTime
InterlockedDecrement
HeapFree
WaitForSingleObject
GetTimeFormatA
GetTickCount
GetProcessHeap
ExpandEnvironmentStringsA
GetDateFormatA
InitializeCriticalSection
WideCharToMultiByte
Sleep
LeaveCriticalSection
GetFileAttributesA
CreateProcessA
GetTimeZoneInformation
GetLastError
GetProcAddress
EnterCriticalSection
GetTempFileNameA
GetLocalTime
LoadLibraryA
LocalAlloc
GetExitCodeThread
GetModuleFileNameA
GetModuleHandleA
CreateMutexA
DeleteCriticalSection
LocalSize
GetTempPathA
LocalFree
GetSystemTime
lstrcpyA
InterlockedIncrement
CreateThread
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapReAlloc
GetCommandLineA
GetVersionExA
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
ExitProcess
GetStdHandle
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
GetCPInfo
GetACP
GetOEMCP
HeapSize
RtlUnwind
MultiByteToWideChar
ReadFile
GetConsoleCP
GetConsoleMode
SetHandleCount
GetFileType

advapi32

RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegCloseKey

Sections

.text
Size: 120KB - Virtual size: 119KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

51baa70c0518d83ab24add6dff28590a

Headers

File Characteristics

Imports

ws2_32

wininet

kernel32

advapi32

Sections

.text Size: 120KB - Virtual size: 119KB

.rdata Size: 20KB - Virtual size: 16KB

.data Size: 8KB - Virtual size: 27KB

.text
Size: 120KB - Virtual size: 119KB

.rdata
Size: 20KB - Virtual size: 16KB

.data
Size: 8KB - Virtual size: 27KB