b479728401ae36546bc36fb99bbd1460_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b479728401ae36546bc36fb99bbd1460_JaffaCakes118
Size

24KB
MD5

b479728401ae36546bc36fb99bbd1460
SHA1

7ca5beb3d8bfc36f8bdac3736a72c929361ac153
SHA256

49a744d7e4a0b7033495aecd038e70dedf316c237f8f7f4ce1c2d6265503a7d1
SHA512

1931ae4658da57e83c72ed0b9f454e8c593ffd2905f5997082d6911ca10e598ae570cb4652a9d069f01e027b8e2699710ddf71f711145881217da4603aa0159b
SSDEEP

384:CeGNV4XLp8J1NrZvExlk0OnOGIXi7yjH75qUd77fSL9LlUJZwFHM+ShQzm:CfELpQNV8za2i7yHd77eL102a

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b479728401ae36546bc36fb99bbd1460_JaffaCakes118

Files

b479728401ae36546bc36fb99bbd1460_JaffaCakes118
.exe windows:4 windows x86 arch:x86

e792866ee42d3f0d9ba2a0df6437c984

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mswsock

AcceptEx
GetAcceptExSockaddrs

ntdll

memmove
RtlUnwind
RtlAnsiStringToUnicodeString
_chkstk
_vsnwprintf
_wcsicmp
strlen
wcslen
NtAllocateVirtualMemory
RtlUnicodeStringToAnsiString
RtlUnicodeToMultiByteSize
RtlInitUnicodeStringEx

dnsapi

DnsReplaceRecordSetW

userenv

RsopSetPolicySettingStatus

kernel32

FreeResource
CreateFileW
MultiByteToWideChar
InterlockedCompareExchange
QueryPerformanceCounter
LoadResource
DeleteFileW
TlsSetValue
LocalReAlloc
LocalAlloc
lstrcpyW
SizeofResource
DisableThreadLibraryCalls
FindResourceExW
GetVolumeInformationW
FindNextFileW
InterlockedDecrement
GetModuleHandleA
GetTempFileNameW
LeaveCriticalSection
InterlockedExchange
GetFileAttributesW
GlobalReAlloc
lstrcmpiW
WaitForSingleObject
GetShortPathNameW
CloseHandle
lstrcpynW
lstrcmpW
InterlockedIncrement
LockResource
GlobalFree
CreateThread
FindResourceA
FindResourceW
TlsFree
FindFirstFileW
TerminateProcess
GetLocaleInfoW
FindClose
GetDriveTypeW
MulDiv
lstrlenA
GetCurrentProcessId
LoadLibraryA
GlobalAlloc
SetUnhandledExceptionFilter
GetTickCount
WideCharToMultiByte
GetUserDefaultLCID
GetCurrentProcess
SetLastError
GetProfileStringW
ExpandEnvironmentStringsW
GetVersionExA
GetACP
GetProcAddress
FreeLibraryAndExitThread
SetEvent
GetModuleHandleW
GlobalLock
GetCurrentDirectoryW
GetCurrentThreadId
LoadLibraryW
LocalFree
CreateEventW
FreeLibrary
InitializeCriticalSectionAndSpinCount
lstrcpyA
EnterCriticalSection
SetCurrentDirectoryW
FormatMessageW
GlobalUnlock
TlsAlloc
LocalSize
ResetEvent
GetProcessVersion
GetFullPathNameW
GetLastError
DelayLoadFailureHook
DeleteCriticalSection
TlsGetValue
UnhandledExceptionFilter
SetErrorMode
GetSystemTimeAsFileTime
GetSystemDefaultUILanguage
lstrlenW
GetModuleFileNameW

ole32

CoInitializeEx
CoTaskMemFree
CoCreateInstance
CoUninitialize

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

e792866ee42d3f0d9ba2a0df6437c984

Headers

DLL Characteristics

File Characteristics

Imports

mswsock

ntdll

dnsapi

userenv

kernel32

ole32

Sections

.text Size: 8KB - Virtual size: 8KB

.data Size: 5KB - Virtual size: 72KB

.rdata Size: 2KB - Virtual size: 2KB

.rsrc Size: 6KB - Virtual size: 6KB

.reloc Size: 512B - Virtual size: 20B

.text
Size: 8KB - Virtual size: 8KB

.data
Size: 5KB - Virtual size: 72KB

.rdata
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 6KB - Virtual size: 6KB

.reloc
Size: 512B - Virtual size: 20B