b97458ea3be9b23f1864e2ca88e8c3f8_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b97458ea3be9b23f1864e2ca88e8c3f8_JaffaCakes118
Size

160KB
MD5

b97458ea3be9b23f1864e2ca88e8c3f8
SHA1

6d7d06a26331b0f1ed8a4c1e4b131e8d6dddd45b
SHA256

0fc3bbaf7404f6842d2a4de2640c5f9a5b2b32f0a7a2af37f6ae23bd1793eed2
SHA512

d0fd7116467308f7a32343b770c0cbba5acf226ab5807eac843ca0d38dd9b80e7615361882ce497d04f43dbf3b6270a91ddf22d547dd23a30a1441035b117122
SSDEEP

3072:3kMotr94AjzHPkAJCAAwKdjJKQz4Zomw4ttKK6n9omZFKWX8GkQgJGVx:30tr/vHjCrwKdgQzWoR3KuBfsGkib

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b97458ea3be9b23f1864e2ca88e8c3f8_JaffaCakes118

Files

b97458ea3be9b23f1864e2ca88e8c3f8_JaffaCakes118
.exe windows:4 windows x86 arch:x86

80c80a61c7c8e4d39c54eb3d1502189b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapAlloc
GetCurrentThreadId
WriteConsoleA
lstrlenW
LCMapStringA
ReadFile
SetEndOfFile
LoadLibraryA
HeapFree
CreateFileA
FlushFileBuffers
SetStdHandle
IsBadWritePtr
HeapReAlloc
VirtualAlloc
GetStringTypeW
GetStringTypeA
GetModuleFileNameA
RtlUnwind
HeapCreate
HeapCompact
HeapValidate
LoadLibraryW
GetCurrentProcess
WaitForSingleObject
GetProcAddress
SetEvent
VirtualFree
HeapDestroy
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
GetCommandLineA
GetCommandLineW
GetEnvironmentStrings
GetEnvironmentStringsW
FreeEnvironmentStringsW
MultiByteToWideChar
FreeEnvironmentStringsA
GetModuleFileNameW
UnhandledExceptionFilter
SetFilePointer
TerminateProcess
LCMapStringW
WriteFile
CloseHandle
GetLastError
ExitProcess
GetVersion
GetStartupInfoW
GetModuleHandleA
WideCharToMultiByte
GetSystemTimeAsFileTime

user32

IsWindowEnabled
DeferWindowPos
DispatchMessageW
CheckMenuRadioItem
CheckMenuItem
GetClassNameW
BeginDeferWindowPos
ExitWindowsEx
EndDeferWindowPos
CreateMenu
UnregisterHotKey
GetPropW
RegisterWindowMessageW
TranslateMessage

gdi32

CreateDCW
GetObjectW
CreatePen
DeleteObject
DeleteDC
SetMapMode
DPtoLP

ws2_32

WSAAddressToStringW
WSAConnect
WSACloseEvent
gethostbyaddr
socket
closesocket
bind
accept
connect

wininet

HttpQueryInfoW
HttpSendRequestW
HttpAddRequestHeadersW
InternetCloseHandle
InternetConnectW
InternetCrackUrlW
InternetOpenW
InternetGetCookieW
InternetQueryDataAvailable
InternetQueryOptionW
InternetReadFile
InternetSetCookieW
InternetSetOptionW
InternetWriteFile
HttpEndRequestW
InternetAttemptConnect
HttpOpenRequestW
HttpSendRequestExW

Exports

Exports

Dejitudeniq
Gibuja
Pusevevo
Ycaren
anedifiq
enojelu
enutib
oqapemafez

Sections

.text
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 381KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 832B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

80c80a61c7c8e4d39c54eb3d1502189b

Headers

File Characteristics

Imports

kernel32

user32

gdi32

ws2_32

wininet

Exports

Exports

Sections

.text Size: 72KB - Virtual size: 71KB

.rdata Size: 32KB - Virtual size: 30KB

.data Size: 48KB - Virtual size: 381KB

.rsrc Size: 4KB - Virtual size: 832B

.text
Size: 72KB - Virtual size: 71KB

.rdata
Size: 32KB - Virtual size: 30KB

.data
Size: 48KB - Virtual size: 381KB

.rsrc
Size: 4KB - Virtual size: 832B