c982c9b3b1efac9820d270f7538e0b50_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

c982c9b3b1efac9820d270f7538e0b50_JaffaCakes118
Size

340KB
MD5

c982c9b3b1efac9820d270f7538e0b50
SHA1

fc638524e20abe13763b2c5285b8c9e241df01d1
SHA256

22d1bd4ffba00398579e1363a02b8c17fa72f9496d38841677c116a7b5edb7ce
SHA512

a34ab374e7152e302005ace93891d5b5c7660d14539d13c060f0a9d7e59e209ba205a10d25a8d5a5f074a5ad6523f2fa9a7e3de37b072b7101da4b96c086aea5
SSDEEP

6144:UeS7g/bRoOXYJgzDLEkA4kSnUnE7Qea/6AHN:07gTZXYJgzHEkNa/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c982c9b3b1efac9820d270f7538e0b50_JaffaCakes118

Files

c982c9b3b1efac9820d270f7538e0b50_JaffaCakes118
.exe windows:4 windows x86 arch:x86

85f2b53d8a6d9d254b8f3333da9d5b4f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

gethostbyname
shutdown
closesocket
setsockopt
send
recv
socket
WSAGetLastError
ioctlsocket
htons
getservbyname
ntohs
connect
WSAStartup
WSACleanup

kernel32

GetCurrentDirectoryA
GetDriveTypeA
SetEndOfFile
GetLocaleInfoW
CompareStringW
CompareStringA
LCMapStringW
LCMapStringA
LoadLibraryA
GetOEMCP
GetACP
SetStdHandle
GetStringTypeW
GetStringTypeA
Sleep
LeaveCriticalSection
EnterCriticalSection
CloseHandle
GetFullPathNameA
WaitNamedPipeA
CreateFileA
GetLastError
GetWindowsDirectoryA
DeleteCriticalSection
InitializeCriticalSection
TlsAlloc
TlsFree
TlsSetValue
TlsGetValue
InterlockedIncrement
ReadFile
WriteFile
CreateSemaphoreA
InterlockedDecrement
SetNamedPipeHandleState
GetFileAttributesA
SetConsoleCtrlHandler
ExitProcess
TerminateProcess
GetCurrentProcess
GetCommandLineA
GetVersion
WideCharToMultiByte
GetTimeZoneInformation
MultiByteToWideChar
HeapAlloc
HeapFree
ReadConsoleInputA
SetConsoleMode
GetConsoleMode
WriteConsoleA
FindFirstFileA
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
HeapReAlloc
UnhandledExceptionFilter
GetCurrentThreadId
SetLastError
FlushFileBuffers
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
RtlUnwind
SetEnvironmentVariableW
SetEnvironmentVariableA
GetCPInfo
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
VirtualAlloc
GetProcAddress
RaiseException
SetFilePointer

advapi32

RegEnumValueA
RegCloseKey
RegOpenKeyExA

Sections

.text
Size: 128KB - Virtual size: 126KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 100KB - Virtual size: 300KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

��
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

85f2b53d8a6d9d254b8f3333da9d5b4f

Headers

File Characteristics

Imports

wsock32

kernel32

advapi32

Sections

.text Size: 128KB - Virtual size: 126KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 100KB - Virtual size: 300KB

�� Size: 96KB - Virtual size: 96KB

.text
Size: 128KB - Virtual size: 126KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 100KB - Virtual size: 300KB

��
Size: 96KB - Virtual size: 96KB