Static task: static1
Behavioral task: behavioral1
Sample: d02794505a135d406cb248bb04c0da91_JaffaCakes118.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: d02794505a135d406cb248bb04c0da91_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
Target: d02794505a135d406cb248bb04c0da91_JaffaCakes118
Size: 156KB
MD5: d02794505a135d406cb248bb04c0da91
SHA1: 90e598f0fdb5086f0df2e67754f18f616a79fbae
SHA256: c89733ccccd26ccc9684e296913426de53b3b3b584fd16afaac28d70576a5498
SHA512: 18ed246678ae204474de6413a6a168e10fedc3650044f98e286a4efc019eb55a63f57523bded01aceaf26c44cee5a4855d4388dd37ace45a5ecfb05bea276444
SSDEEP: 3072:/SpJOxSBob2+Tv2hZqxIgLusKuXFqMUVLCv7uTe/w32V9Dht7NXYviU3BaP:eYx/a/HA/K2wMU4v6n2VLtdGB
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource d02794505a135d406cb248bb04c0da91_JaffaCakes118
Files
d02794505a135d406cb248bb04c0da91_JaffaCakes118.exe windows:4 windows x86 arch:x86
02eab80f10864cdf43be49ca10c1e1e0
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetTickCount
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetLocalTime
GetStdHandle
GetModuleFileNameA
LocalAlloc
CreateFileMappingA
GetLastError
MapViewOfFile
UnmapViewOfFile
OpenFileMappingA
CloseHandle
CreateMutexA
OpenMutexA
CreateProcessA
SetLastError
DeleteFileA
GetTempPathA
GetTempFileNameA
CopyFileA
SetFileAttributesA
Sleep
InterlockedExchange
InterlockedExchangeAdd
ExitProcess
WaitForSingleObject
lstrcmpiA
lstrcpynA
CreateEventA
SetEvent
CompareStringA
WaitForMultipleObjects
GetFileAttributesA
GetCommandLineA
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
GetConsoleOutputCP
WriteConsoleA
TlsSetValue
CreateThread
ResumeThread
ExitThread
GetStartupInfoA
GetModuleHandleA
RtlUnwind
HeapCreate
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
HeapValidate
DeleteCriticalSection
CreateFileA
TlsAlloc
GetCurrentThreadId
TlsFree
TlsGetValue
MultiByteToWideChar
WideCharToMultiByte
UnhandledExceptionFilter
GetSystemTimeAsFileTime
GetFileType
GetCurrentProcess
DuplicateHandle
SetHandleCount
GetEnvironmentStrings
FreeEnvironmentStringsA
VirtualAlloc
VirtualQuery
GetConsoleMode
WriteFile
SetStdHandle
SetConsoleCtrlHandler
SetFilePointer
ReadFile
GetConsoleCP
SetEndOfFile
advapi32
RegCreateKeyExA
RegSetValueExA
RegCloseKey
RegOpenKeyExA
RegDeleteKeyA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
GetUserNameA
RegQueryValueExA
OpenSCManagerA
OpenServiceA
CloseServiceHandle
QueryServiceStatus
ChangeServiceConfigA
ChangeServiceConfig2A
StartServiceA
CreateServiceA
DeleteService
SetServiceStatus
RegisterServiceCtrlHandlerA
StartServiceCtrlDispatcherA
wsock32
WSAStartup
WSACleanup
socket
setsockopt
closesocket
select
inet_ntoa
htons
connect
bind
listen
accept
ntohs
recv
send
ioctlsocket
gethostbyname
getsockname
gethostname
inet_addr
sendto
recvfrom
WSAGetLastError
iphlpapi
GetIpForwardTable
wininet
InternetOpenA
InternetOpenUrlA
InternetCloseHandle
InternetReadFile
Sections
.text Size: 47KB - Virtual size: 46KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 9KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 91KB - Virtual size: 91KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ