a512a03521259a6167441e8df8c9289d_JaffaCakes118

General

Target

a512a03521259a6167441e8df8c9289d_JaffaCakes118
Size

5.7MB
MD5

a512a03521259a6167441e8df8c9289d
SHA1

5bc7e2d41bab343df91c319ed86739a6fbcffae2
SHA256

dfeb75b6962dce99a6a7b10b94b9788cc4a6359e5a1d3bc4166732a10c6048ec
SHA512

fc7296b1c739aec100fdd7b78a79d6b3a5e3e3a8fee6b31a2b1347d413e0463c27df951ed752d128ed7062fd2d38da2080443262b62149d4925008afe3f9d57b
SSDEEP

24576:uL4KUqZQR2O2jalDU+T80kHVlK554Wnjz:uM+Q4O2WlDd8pHVlNWjz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a512a03521259a6167441e8df8c9289d_JaffaCakes118

Files

a512a03521259a6167441e8df8c9289d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b34f42a8a6bc9774c29439cf6acf22b1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

ntohl
WSAResetEvent
WSAGetQOSByName
recv
WSAAccept
htonl
WSALookupServiceNextW
WSALookupServiceBeginA
WSALookupServiceEnd
WSAAsyncGetServByPort

kernel32

GetThreadContext
GetEnvironmentStringsW
GetCommandLineW
GetCommState
EraseTape
FindNextChangeNotification
GetTempFileNameA
FileTimeToLocalFileTime
GetOEMCP
GetConsoleMode
GetTempPathW
ExitProcess
FreeResource

advapi32

FreeSid
LookupPrivilegeNameA
BuildTrusteeWithNameW
ChangeServiceConfigW
RegUnLoadKeyW
RegOpenKeyA
SetPrivateObjectSecurity
RegisterServiceCtrlHandlerW
CryptAcquireContextA
CreateServiceW
InitializeSecurityDescriptor
ControlService
IsValidSecurityDescriptor
LogonUserA
BuildSecurityDescriptorW

version

VerFindFileA
VerQueryValueA
VerInstallFileA

user32

ArrangeIconicWindows
IsCharAlphaW
ToUnicodeEx
DestroyCursor
EnableScrollBar
LoadKeyboardLayoutW
IsChild
SetCaretBlinkTime
CreateIcon
ValidateRgn
GetClipboardData
MessageBoxIndirectW
UpdateWindow
FindWindowW
TrackMouseEvent
CreateDialogIndirectParamW

gdi32

GetBkMode
GetMapMode

msvcrt

_strnicmp
__doserrno
_chdrive
_snprintf
wcstok
_lseek
towupper
bsearch
sprintf
strncpy
wcstol

Sections

.text
Size: 2KB - Virtual size: 255KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5.5MB - Virtual size: 5.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b34f42a8a6bc9774c29439cf6acf22b1

Headers

File Characteristics

Imports

ws2_32

kernel32

advapi32

version

user32

gdi32

msvcrt

Sections

.text Size: 2KB - Virtual size: 255KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 5.5MB - Virtual size: 5.5MB

.rsrc Size: 17KB - Virtual size: 16KB

.text
Size: 2KB - Virtual size: 255KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 5.5MB - Virtual size: 5.5MB

.rsrc
Size: 17KB - Virtual size: 16KB