a2be6cbd523a549c4c2f9c3c66ac5fb0_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a2be6cbd523a549c4c2f9c3c66ac5fb0_JaffaCakes118
Size

1.6MB
MD5

a2be6cbd523a549c4c2f9c3c66ac5fb0
SHA1

dc12dc9b227949c821fd5dce9459ba049ecb3ce2
SHA256

e454db197fe85992388724d3b85756cfa21e338c5cc01b430358d694e7d08b2f
SHA512

0ab1f84336a07c6d2f00dd24538223de1c1159cd1397f1af3f3541b0d9abd8661566d23bbbf1c29a400aa3c7d29a5835b34336bbf08e8ad4e33e43486515a5da
SSDEEP

49152:dBXwNWbjQwQTD7I+b/BJx9W6EqRIboyXJ7:7XMwjvQ37Iu/Br9iqax

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a2be6cbd523a549c4c2f9c3c66ac5fb0_JaffaCakes118

Files

a2be6cbd523a549c4c2f9c3c66ac5fb0_JaffaCakes118
.exe windows:4 windows x86 arch:x86

685db4869bd119915bd7e6b0e60e9e55

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

WSAUnhookBlockingHook
htons
WSASetServiceW
WSACleanup
getservbyname

kernel32

FindFirstFileW
MultiByteToWideChar
SetConsoleMode
ReadFileScatter
GlobalFindAtomW
GlobalFlags
WritePrivateProfileSectionA
IsProcessorFeaturePresent
DuplicateHandle
IsBadWritePtr
CreateFileW
VirtualQuery
WritePrivateProfileStringA
CreatePipe
LocalSize
GetSystemDirectoryW
GetPrivateProfileStringA
GetCommandLineW
CreateProcessA
SetConsoleCursorPosition
SystemTimeToFileTime
lstrcmpA
RemoveDirectoryA
LoadResource
ReadDirectoryChangesW
GetCurrentProcess
CompareStringA
GlobalDeleteAtom
GetAtomNameA
FindFirstFileExW
FreeEnvironmentStringsA
MoveFileW
ExpandEnvironmentStringsW
VirtualQueryEx
ExitProcess
GetFileAttributesExA
CompareStringW

user32

GetClipboardFormatNameW
EnableScrollBar
FindWindowW
SendMessageTimeoutW
GetDCEx
DrawTextExW
GetCursorPos
wsprintfA
DrawStateW
GetIconInfo
TrackPopupMenuEx
TileWindows
DrawAnimatedRects

advapi32

CryptDestroyHash
ImpersonateSelf
ChangeServiceConfigA
LogonUserW
AbortSystemShutdownW
RegisterServiceCtrlHandlerW
RegRestoreKeyA
RegUnLoadKeyA
RegOpenKeyExA
ImpersonateLoggedOnUser
AdjustTokenPrivileges
CryptAcquireContextA
EnumServicesStatusA
RegisterServiceCtrlHandlerA
ReadEventLogW
SetFileSecurityA
FreeSid
RegEnumKeyExW

msvcrt

_strnicmp
ferror
setvbuf
_mbctoupper
_wopen
_wctime
fputwc

Sections

.text
Size: 5KB - Virtual size: 221KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

685db4869bd119915bd7e6b0e60e9e55

Headers

File Characteristics

Imports

ws2_32

kernel32

user32

advapi32

msvcrt

Sections

.text Size: 5KB - Virtual size: 221KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 1.3MB - Virtual size: 1.3MB

.rsrc Size: 17KB - Virtual size: 16KB

.text
Size: 5KB - Virtual size: 221KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 1.3MB - Virtual size: 1.3MB

.rsrc
Size: 17KB - Virtual size: 16KB