Static task: static1
Behavioral task: behavioral1
Sample: a91f5a961e7e6d696be8610f9b8137ca_JaffaCakes118.exe
Resource: win7-20240729-en
Behavioral task: behavioral2
Sample: a91f5a961e7e6d696be8610f9b8137ca_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
Target: a91f5a961e7e6d696be8610f9b8137ca_JaffaCakes118
Size: 206KB
MD5: a91f5a961e7e6d696be8610f9b8137ca
SHA1: 923f7dd5e727ea38d24b86a99da285f8614c5df8
SHA256: 0938fcdc97bcf7195cfd6dc50a039a5d0df824c575c358d1623a9af1c1962c2f
SHA512: 616fcbe5d5b062b7c448f30d3c8d4c98f90b65e08328258583c2cdd2db7a43137939c57bc4a98b636e4c257dc60b995004e341485c7ff31a3cfb9ce9aa879d61
SSDEEP: 3072:13Ij0TxWnBQnFseEMBNmh/x/GsenjtISPFaOTK3f7ZyUptz8QciHl:13cDCFoM2FN8nawY/3f7ZyUp5Px
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource a91f5a961e7e6d696be8610f9b8137ca_JaffaCakes118
Files
a91f5a961e7e6d696be8610f9b8137ca_JaffaCakes118.exe windows:4 windows x86 arch:x86
46972d7c596645cc022da8017df371be
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
FlushFileBuffers
CreateEventW
GetTempFileNameA
GetVersion
LocalAlloc
LocalFree
DeviceIoControl
WaitForSingleObject
GetCurrentProcess
GetTempPathW
LoadLibraryW
RemoveDirectoryW
CreateDirectoryA
ResetEvent
WaitForMultipleObjects
VirtualFree
VirtualProtect
VirtualAlloc
GetCurrentThreadId
GetCommandLineA
GetModuleHandleA
GetProfileStringW
LockResource
FindResourceA
FreeResource
GetDateFormatA
MoveFileExA
CreateFileW
GetLocalTime
GetSystemTime
QueryPerformanceCounter
DeleteFileW
GetVolumeInformationA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetLocaleInfoA
MultiByteToWideChar
GetSystemTimeAsFileTime
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoA
SetUnhandledExceptionFilter
GetProcAddress
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetLastError
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
HeapDestroy
HeapCreate
GetTickCount
GetCurrentProcessId
LeaveCriticalSection
EnterCriticalSection
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
LoadLibraryA
InitializeCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
Sleep
HeapReAlloc
RtlUnwind
HeapSize
gdi32
CreateSolidBrush
CreateRectRgnIndirect
Rectangle
RestoreDC
SaveDC
ExtTextOutA
CreateFontIndirectA
StartDocA
EndPage
CreatePatternBrush
ws2_32
WSAStartup
WSACleanup
getsockopt
htonl
getservbyname
htons
ntohs
recv
send
recvfrom
WSAAddressToStringA
WSAWaitForMultipleEvents
WSAEnumNetworkEvents
Sections
.text Size: 120KB - Virtual size: 119KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 83KB - Virtual size: 86KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ