b175c96dd0d7120f57b8dabb3c86c4e2_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

b175c96dd0d7120f57b8dabb3c86c4e2_JaffaCakes118
Size

3.9MB
MD5

b175c96dd0d7120f57b8dabb3c86c4e2
SHA1

c05fe70d38eebe09807612483d09ba9f25799d22
SHA256

addf68fc98fba4fd67454e72ec325780659799b7804e6505080f03dd211c0a38
SHA512

5ac14d00db355b029accbab2cdc5b28f4d03b317af2858b6abbfab1b9ef9c2fcb0e35d73111c1262715a1f1ecc5e90dab9858de1fe2e9019c3a108f09b257a2d
SSDEEP

6144:FNI+hivhbxZU/67xfLCw57p21ugZddzWWlAl3CRCHzbeP8paW6xuyTye3wn+RH3o:PI+E5/0mfLCioAWls3iWePl5T53M+NY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b175c96dd0d7120f57b8dabb3c86c4e2_JaffaCakes118

Files

b175c96dd0d7120f57b8dabb3c86c4e2_JaffaCakes118
.exe windows:5 windows x86 arch:x86

7867f56d313679e4084dbfc96fa7b3d7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegSetValueExA
RegOpenKeyExA
RegCloseKey

ole32

CoInitialize
CoUninitialize

wsock32

WSACleanup
recv
setsockopt
ioctlsocket
gethostbyname
inet_ntoa
WSAStartup
htons
socket
connect
send
closesocket

urlmon

URLDownloadToFileA

kernel32

SetEnvironmentVariableA
CompareStringW
CompareStringA
GetProcessHeap
SetEndOfFile
CreateFileA
CreateFileW
GetLocaleInfoW
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetTimeZoneInformation
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
ExitThread
Sleep
CreateThread
WinExec
ExpandEnvironmentStringsA
CopyFileA
DeleteFileA
GetModuleFileNameA
GetModuleHandleA
WideCharToMultiByte
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
MultiByteToWideChar
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetSystemTimeAsFileTime
RaiseException
RtlUnwind
GetLastError
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeA
FindFirstFileA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
GetModuleHandleW
GetProcAddress
ExitProcess
GetCommandLineA
GetStartupInfoA
LCMapStringA
LCMapStringW
GetCPInfo
HeapAlloc
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
GetFullPathNameA
GetCurrentDirectoryA
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
SetHandleCount
GetStdHandle
GetFileType
WriteFile
GetConsoleCP
GetConsoleMode
FlushFileBuffers
ReadFile
SetFilePointer
CloseHandle
LoadLibraryA
InitializeCriticalSectionAndSpinCount
HeapSize
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetACP
GetOEMCP
IsValidCodePage
GetLocaleInfoA
GetStringTypeA
GetStringTypeW

Sections

.text
Size: 161KB - Virtual size: 161KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

7867f56d313679e4084dbfc96fa7b3d7

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

ole32

wsock32

urlmon

kernel32

Sections

.text Size: 161KB - Virtual size: 161KB

.rdata Size: 21KB - Virtual size: 20KB

.data Size: 7KB - Virtual size: 14KB

.text
Size: 161KB - Virtual size: 161KB

.rdata
Size: 21KB - Virtual size: 20KB

.data
Size: 7KB - Virtual size: 14KB