d0ef23120aa551fb8844ed6cc907b097_JaffaCakes118

General

Target

d0ef23120aa551fb8844ed6cc907b097_JaffaCakes118
Size

44KB
MD5

d0ef23120aa551fb8844ed6cc907b097
SHA1

66c3783f5d613edff372a3a0cba13f99696da472
SHA256

420a744526faa28a4ae6fe81485dc8e4ee045686801ab7f4685c674e66907050
SHA512

df14229c66ee32f0b3bb9ea9e8d107fa920833f32bbc926051d7f7e7dfc207a68e54244357beba3e3fbc0d3c2824a6c0f8d1ea7cf9f1249b7e62efe037d5dab2
SSDEEP

768:fkKwu2EGjmvpfRGWexkfD5zz49/VnLjsas7Dezn:cXbEh57e8Rz49/F8nDezn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d0ef23120aa551fb8844ed6cc907b097_JaffaCakes118

Files

d0ef23120aa551fb8844ed6cc907b097_JaffaCakes118
.exe windows:4 windows x86 arch:x86

41a1afe81f63cb94958fd866d7704b2d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\Source\sloader_conc12np1\sloader_conc1\rk2\loader\Release\loader.pdb

Imports

kernel32

CreateFileA
CreateProcessA
WriteFile
GetTempFileNameA
GetTempPathA
ResumeThread
SetThreadContext
WriteProcessMemory
VirtualAllocEx
ReadProcessMemory
GetThreadContext
lstrcatA
GetEnvironmentVariableA
DeviceIoControl
Sleep
WaitForSingleObject
CreateMutexA
CreateThread
GetLastError
OpenMutexA
ExitThread
VirtualFree
CloseHandle
HeapFree
GetProcessHeap
HeapAlloc
QueryPerformanceCounter
HeapReAlloc
LCMapStringW
LCMapStringA
GetSystemInfo
VirtualAlloc
VirtualProtect
WideCharToMultiByte
GetLocaleInfoA
GetCPInfo
GetOEMCP
GetACP
GetStringTypeW
MultiByteToWideChar
GetStringTypeA
ExitProcess
RtlUnwind
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
InterlockedExchange
VirtualQuery
GetProcAddress
GetModuleHandleA
TerminateProcess
GetCurrentProcess
LoadLibraryA

advapi32

RegSetValueExA
RegOpenKeyExA
RegCloseKey

ws2_32

socket
inet_addr
htons
setsockopt
send
recv
WSAStartup
gethostbyname
WSACleanup
connect
closesocket

Sections

.text
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

41a1afe81f63cb94958fd866d7704b2d

Headers

File Characteristics

PDB Paths

Imports

kernel32

advapi32

ws2_32

Sections

.text Size: 20KB - Virtual size: 17KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 4KB - Virtual size: 2.0MB

.reloc Size: 8KB - Virtual size: 6KB

.text
Size: 20KB - Virtual size: 17KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 4KB - Virtual size: 2.0MB

.reloc
Size: 8KB - Virtual size: 6KB