af2b8e45aeee8e20b23aebe7f5cf0eb4_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

af2b8e45aeee8e20b23aebe7f5cf0eb4_JaffaCakes118
Size

549KB
MD5

af2b8e45aeee8e20b23aebe7f5cf0eb4
SHA1

705eb5e221aa7fd6fb4f20b5c696b22ffc1210bb
SHA256

733de177e18a52a79b68c660d04a10dadd5f5b411ac4e70e4ed0616e090bc2ed
SHA512

ed19909184eea98cdc06f74a60be0247920a5fb25f0aca895f3191ba5e16e682fea470dde551f6c253c82698aa4a5e8076fc42063c703650089f8d610da27950
SSDEEP

6144:H3P1v//oJbdk/4yDDF6njHCJAjaoc+45SX:XP1v/UhkNn6icHE5E

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
af2b8e45aeee8e20b23aebe7f5cf0eb4_JaffaCakes118

Files

af2b8e45aeee8e20b23aebe7f5cf0eb4_JaffaCakes118
.exe windows:4 windows x86 arch:x86

2b73703c86346de8d70a6922c1b29dc7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

WSASocketW
recv
shutdown
ntohl
WSAAsyncGetHostByName
WSACleanup
WSAUnhookBlockingHook
getprotobyname
inet_addr

gdi32

SetWinMetaFileBits
AddFontResourceA

kernel32

UnmapViewOfFile
VirtualProtect
EndUpdateResourceA
CreateFileW
LCMapStringA
ReadFile
GlobalFindAtomW
SetEndOfFile
GetLocaleInfoW
PrepareTape
SwitchToFiber
GetFullPathNameA
GetACP
ConnectNamedPipe
WriteFile
LoadLibraryExW
PulseEvent
LocalSize
GetShortPathNameA
GetDateFormatA
GetCommState
GlobalDeleteAtom
GetCurrentDirectoryW
VirtualUnlock
OutputDebugStringA
DosDateTimeToFileTime
_hread
SetHandleCount
EnumDateFormatsW
lstrcatW
GetLongPathNameA
SetProcessAffinityMask
lstrcpyA
GetLargestConsoleWindowSize
FindResourceExA
FlushFileBuffers
GetUserDefaultLangID
ExitProcess
IsBadReadPtr
MultiByteToWideChar
GetTempPathW
GetProcessHeap

user32

CharLowerBuffA
GetAsyncKeyState
LoadCursorA
MapVirtualKeyW
RegisterClipboardFormatA
GetClassInfoW
GetDlgItemTextW
LoadCursorFromFileW

shell32

SHAddToRecentDocs
SHGetSpecialFolderPathA

comdlg32

PageSetupDlgW
GetFileTitleW

advapi32

GetSidLengthRequired
AdjustTokenPrivileges
RevertToSelf
LookupPrivilegeValueA
CryptAcquireContextW
CreateServiceA
SetTokenInformation
OpenProcessToken
RegQueryValueW
AddAccessDeniedAce
RegisterServiceCtrlHandlerA
SetSecurityDescriptorSacl
CryptHashData
RegCreateKeyExA
GetSecurityDescriptorOwner
AbortSystemShutdownW
RegCloseKey

Sections

.text
Size: 303KB - Virtual size: 302KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 225KB - Virtual size: 224KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2b73703c86346de8d70a6922c1b29dc7

Headers

File Characteristics

Imports

ws2_32

gdi32

kernel32

user32

shell32

comdlg32

advapi32

Sections

.text Size: 303KB - Virtual size: 302KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 225KB - Virtual size: 224KB

.rsrc Size: 16KB - Virtual size: 16KB

.text
Size: 303KB - Virtual size: 302KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 225KB - Virtual size: 224KB

.rsrc
Size: 16KB - Virtual size: 16KB