Static task
static1
Behavioral task
behavioral1
Sample
a2c2099d503fcc29478205f5aef0283b_JaffaCakes118.exe
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
a2c2099d503fcc29478205f5aef0283b_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
-
Target
a2c2099d503fcc29478205f5aef0283b_JaffaCakes118
-
Size
60KB
-
MD5
a2c2099d503fcc29478205f5aef0283b
-
SHA1
07a5790c82d3abd0adbecb6b2211f803b62d81d9
-
SHA256
aa29bf4292b68d197f4d8ca026b97ec7785796edcb644db625a8f8b66733ab54
-
SHA512
b4c277561e2dd9becdcb123a20f69f6d1191cb506034038f16b83636185872ec578fce826ed47b4a62916ba3ff80e7e676313e0564305e27fb87e527a37fa953
-
SSDEEP
1536:rI6+0Qab8HhdTsOXBSO3vd9SaCBU2PwNmaBc:rIv0/biYWBXV9mBU21a
Malware Config
Signatures
-
Unsigned PE 1 IoCs
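Checks whether the PE file lacks an Authenticode signature. An unsigned binary is not malicious by itself, but its publisher and integrity cannot be verified from a signature.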
resource a2c2099d503fcc29478205f5aef0283b_JaffaCakes118
Files
-
a2c2099d503fcc29478205f5aef0283b_JaffaCakes118.exe windows:4 windows x64 arch:x64
a6827f9441144e5254999dff379a541c
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
msvcrt
memset
wcsstr
memmove
wcscmp
wcslen
wcscpy
wcscat
memcpy
strlen
_wcsicmp
tolower
strncpy
wcsncpy
_gmtime64
_localtime64
_mktime64
free
malloc
kernel32
GetModuleHandleW
HeapCreate
CreateMutexW
GetLastError
HeapDestroy
ExitProcess
GetCurrentProcess
WideCharToMultiByte
CloseHandle
InitializeCriticalSection
GetModuleFileNameW
DuplicateHandle
CreatePipe
GetStdHandle
HeapAlloc
CreateProcessW
WaitForSingleObject
EnterCriticalSection
LeaveCriticalSection
HeapFree
PeekNamedPipe
ReadFile
HeapReAlloc
GetCurrentThreadId
GetTickCount
FreeLibrary
LoadLibraryW
GetProcAddress
HeapSize
MultiByteToWideChar
Sleep
GetComputerNameW
GetVersionExW
GetTempPathW
GetDriveTypeW
FindFirstFileW
FindClose
GetFileAttributesW
SetFileAttributesW
DeleteFileW
CreateFileW
SystemTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
GetLocalTime
WriteFile
SetFilePointer
DeleteCriticalSection
shell32
ShellExecuteExW
SHGetFolderLocation
SHGetPathFromIDListW
wsock32
closesocket
WSACleanup
WSAStartup
socket
inet_addr
gethostbyname
htons
bind
ioctlsocket
connect
select
__WSAFDIsSet
recvfrom
recv
send
sendto
winmm
timeBeginPeriod
ole32
CoTaskMemFree
iphlpapi
GetAdaptersInfo
user32
CharLowerW
advapi32
GetUserNameW
Sections
.code Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.text Size: 33KB - Virtual size: 32KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.pdata Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 704B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ