bf241c495a7493c1d7c16e5e1fb94055_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

bf241c495a7493c1d7c16e5e1fb94055_JaffaCakes118
Size

862KB
MD5

bf241c495a7493c1d7c16e5e1fb94055
SHA1

8024b3990d9676db9910c862973709c6df90792a
SHA256

eac890d9a14cbdbb86a2aaabeb8a540da9b49e8f1f0473fe7be88d8a80394e14
SHA512

e16d56a791022598b7bfc0f62753998fefc5fd090e0ea5604df73014a20b46e931b0078ad34ee665fc839b7ce9ccd303ec81d95d87fe051c65779d51fae4943c
SSDEEP

24576:2FWWsF1Z4p3AEeVfKFG6Q3zw5PYSxG/Lq1usL:bWQWAjK1pPYSxh1L

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bf241c495a7493c1d7c16e5e1fb94055_JaffaCakes118

Files

bf241c495a7493c1d7c16e5e1fb94055_JaffaCakes118
.exe windows:4 windows x86 arch:x86

9ecc1083dbb320bf48dad2db540962ed

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

sendto
accept
WSAAsyncGetServByPort
WSASendDisconnect

version

GetFileVersionInfoSizeA
VerInstallFileA
VerFindFileA

kernel32

EnumResourceNamesW
GetCommConfig
GetShortPathNameA
SwitchToFiber
SetupComm
TlsGetValue
OutputDebugStringA
SetCurrentDirectoryA
ReadDirectoryChangesW
ExitProcess
GetDateFormatA
LoadLibraryExA
LoadLibraryExW
GetCurrentProcessId
GetLongPathNameA
FreeEnvironmentStringsA
Beep
OpenMutexA
GetCompressedFileSizeW
SetEnvironmentVariableA
WriteProcessMemory
FormatMessageW
GetTickCount
GetNumberFormatW
EndUpdateResourceA
GetLogicalDriveStringsA
GlobalFindAtomW
GetCommModemStatus
WritePrivateProfileStructA
IsBadReadPtr
FindFirstFileW
CancelIo
GetStartupInfoA
OpenFile
GetOEMCP
LCMapStringA
FlushConsoleInputBuffer
GlobalAddAtomW
GetSystemInfo
SetConsoleActiveScreenBuffer
GetComputerNameW
GetTapeStatus
GetShortPathNameW
QueryDosDeviceA
_hread
SearchPathW
PeekConsoleInputW
GetProfileStringA
SetCommMask
CopyFileExW
GetSystemDirectoryW
SetThreadAffinityMask
lstrcpyA
VirtualLock
EnumResourceLanguagesW
CreateIoCompletionPort
ExpandEnvironmentStringsW

user32

SetWindowPlacement
MessageBoxIndirectW
SetWindowsHookExA
GetMenuStringW
InsertMenuItemA
TrackMouseEvent
LoadMenuIndirectA
GetProcessWindowStation
IsIconic
WinHelpA
SetLastErrorEx
IsDlgButtonChecked
GetUserObjectInformationW
RegisterHotKey
UnhookWinEvent
GetNextDlgTabItem
CreateDialogIndirectParamW
EnumClipboardFormats
CheckDlgButton

shell32

SHGetSpecialFolderPathA
SHLoadInProc
SHFileOperationW
SHBrowseForFolderA

oleaut32

QueryPathOfRegTypeLi
SysAllocStringLen
SafeArrayGetElement
SafeArrayRedim
VariantChangeType
LoadTypeLibEx

msvcrt

setlocale
isalnum
_get_osfhandle
_mbsnicmp
_lseek
_splitpath
towupper
_sopen
_exit
_snprintf
_wctime
strspn
wcstol
_mbscpy
_wfsopen
_errno
strcoll

Sections

.text
Size: 24KB - Virtual size: 240KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 603KB - Virtual size: 602KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9ecc1083dbb320bf48dad2db540962ed

Headers

File Characteristics

Imports

ws2_32

version

kernel32

user32

shell32

oleaut32

msvcrt

Sections

.text Size: 24KB - Virtual size: 240KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 603KB - Virtual size: 602KB

.rsrc Size: 17KB - Virtual size: 16KB

.text
Size: 24KB - Virtual size: 240KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 603KB - Virtual size: 602KB

.rsrc
Size: 17KB - Virtual size: 16KB