beae90a4c4d0637f34b0c432a292e3d2_JaffaCakes118

General

Target

beae90a4c4d0637f34b0c432a292e3d2_JaffaCakes118
Size

437KB
MD5

beae90a4c4d0637f34b0c432a292e3d2
SHA1

94d5a653a4010da4f76742dca992239bab4ac4ca
SHA256

cbd589bd0b27a84befb4f8bd187cb842a0ea12a1bc79c507985229188f547220
SHA512

33241e2ad2cf2a9b0c309eaa163868227c6b3d0e9ab039ac3b6b84483de7740f6ebbf86489b6c2a65ff08e5d1671a199cc7b1f9c985691edb62c2090f0f644bb
SSDEEP

12288:OEC1Fo9faQp++gs7s7ytNr72gUxNBRh9:r9f/pMMs78UbB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
beae90a4c4d0637f34b0c432a292e3d2_JaffaCakes118

Files

beae90a4c4d0637f34b0c432a292e3d2_JaffaCakes118
.exe windows:5 windows x86 arch:x86

20f2fec40949ae4143aa47adc0a1cd91

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetStartupInfoA
SetFilePointerEx
GetProcessHeap
QueryPerformanceCounter
lstrcmpA
GetModuleHandleA
HeapAlloc
HeapFree
VirtualAlloc

olepro32

OleTranslateColor
DllGetClassObject

wsock32

NPLoadNameSpaces
gethostname
WSACancelAsyncRequest
WSARecvEx
getpeername
closesocket
GetTypeByNameA
SetServiceA
SetServiceW
WSACleanup
MigrateWinsockConfiguration
ntohs
WSAAsyncGetProtoByNumber
WSAAsyncGetServByName
gethostbyname
WSACancelBlockingCall

gdi32

StretchDIBits
GetPaletteEntries
DeleteDC
CreatePen
EnumICMProfilesA
EngMultiByteToUnicodeN
SetMapMode

msvcrt

_purecall
strlen
wscanf
__p__fmode
_mbsnbcat
_sopen
exit
_acmdln
_initterm
_spawnve
_controlfp
memcmp
_except_handler3
__set_app_type
iswalnum
_exit
_getdllprocaddr
_cprintf
fputwc
strcoll
_kbhit
_y1
_adjust_fdiv
_ungetch
_unlock
??3@YAXPAX@Z
sscanf
vswprintf
_wstat
wcsrchr
_mbsninc
_ismbclegal
_setmaxstdio
__getmainargs
__setusermatherr
_daylight
_XcptFilter
__p__commode
_mbspbrk
__crtLCMapStringA

msexch40

DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 431KB - Virtual size: 430KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 388B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

20f2fec40949ae4143aa47adc0a1cd91

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

olepro32

wsock32

gdi32

msvcrt

msexch40

Sections

.text Size: 2KB - Virtual size: 2KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 431KB - Virtual size: 430KB

.reloc Size: 512B - Virtual size: 388B

.text
Size: 2KB - Virtual size: 2KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 431KB - Virtual size: 430KB

.reloc
Size: 512B - Virtual size: 388B