a88dec57813a01eac93c85a32d4ebaad_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a88dec57813a01eac93c85a32d4ebaad_JaffaCakes118
Size

168KB
MD5

a88dec57813a01eac93c85a32d4ebaad
SHA1

08b3d716c86127fd81ede9a2d2c1663cdf30ec5e
SHA256

2716226cf53427aa6722e88f41396e2f506e4bdc089d52682c58e50cef7ed5ec
SHA512

cbb1faa9cee0577263c81ee42a2427a0ddaaf968e3b6778653940369be7fecd4cd8f176e47379a99941e6e1cb973e5707d51025d6f7e657fbcb40e4af213c66f
SSDEEP

3072:t0y0oYeqgvvDDNty/9vsRokgSpH0PoiPrm66C70nAJSdwDhyvdZEOIzM9:t0a7vHH4vsvd+9Pr37uYS2D4LEOIzo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a88dec57813a01eac93c85a32d4ebaad_JaffaCakes118

Files

a88dec57813a01eac93c85a32d4ebaad_JaffaCakes118
.exe windows:4 windows x86 arch:x86

0ce9ec28d3cc63216f2a669189b340b0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

WSASocketA
WSAConnect
WSAWaitForMultipleEvents

dbghelp

SymEnumerateModules64
SymEnumTypes
SymEnumSymbols
SymEnumSym
SymEnumSourceFiles
SymCleanup
StackWalk
StackWalk64
SearchTreeForFile
MapDebugInformation
MakeSureDirectoryPathExists
ImageRvaToVa
ImageRvaToSection
ImageDirectoryEntryToDataEx
GetTimestampForLoadedLibrary
FindFileInSearchPath
FindFileInPath
FindDebugInfoFile
SymGetSymNext64
SymGetSymFromName
SymGetSearchPath
SymEnumerateModules
SymGetOptions
SymGetModuleInfoW
SymGetModuleInfoW64
SymGetModuleInfo
SymGetLinePrev
SymGetLinePrev64
SymGetLineFromAddr
SymGetLineFromAddr64
UnmapDebugInformation
SymUnloadModule
SymUnloadModule64
SymUnDName
SymUnDName64
SymSetSearchPath
SymSetOptions
SymSetContext
SymRegisterFunctionEntryCallback
SymRegisterFunctionEntryCallback64
SymFunctionTableAccess
SymMatchString
SymMatchFileName
SymLoadModule
SymGetTypeInfo
SymGetTypeFromName
SymGetSymPrev
SymEnumerateSymbols64
SymEnumerateSymbols
SymEnumerateSymbolsW64
SymEnumerateSymbolsW
SymGetSymNext

hlink

ord3
ord6
ord9
ord11
ord16
ord20
ord24
ord21
ord5
ord27
ord31

iphlpapi

IcmpSendEcho
IcmpCreateFile

imagehlp

BindImage
ImageEnumerateCertificates
ImageGetCertificateData
ImageGetCertificateHeader
ImageGetDigestStream
ImageUnload
MapAndLoad
MapFileAndCheckSumA
ReBaseImage
SetImageConfigInformation
SplitSymbols
UpdateDebugInfoFileEx
ImageLoad

msvcrt

fclose
fwrite
fputs
_onexit
__dllonexit
_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
_XcptFilter
_exit
??2@YAPAXI@Z
malloc
free
realloc
exit
fopen
fseek
atoi

kernel32

GetComputerNameA
SetEvent
WaitForSingleObject
GetStartupInfoA
GetModuleHandleA
CreateEventA
SetTapePosition

Sections

.text
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 44KB - Virtual size: 606KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

0ce9ec28d3cc63216f2a669189b340b0

Headers

File Characteristics

Imports

ws2_32

dbghelp

hlink

iphlpapi

imagehlp

msvcrt

kernel32

Sections

.text Size: 36KB - Virtual size: 34KB

.rdata Size: 84KB - Virtual size: 83KB

.data Size: 44KB - Virtual size: 606KB

.text
Size: 36KB - Virtual size: 34KB

.rdata
Size: 84KB - Virtual size: 83KB

.data
Size: 44KB - Virtual size: 606KB