d38d4e4cc942353f8087563be52f2431_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d38d4e4cc942353f8087563be52f2431_JaffaCakes118
Size

551KB
MD5

d38d4e4cc942353f8087563be52f2431
SHA1

0cde8a5238e69cf82e603a5b243563ca8db2505d
SHA256

056fa5ccdb2483100bb338aed8ee6a0106599ddcc95f63c6ad73b934443731e1
SHA512

4893300c170cdd1e24ee22f73d599a1bfff4603e6eb124cf983c23c54766db329ae94ad3d80a18cb1dfa68c647e29549f655f5a404577f1681bc58e9602f6de5
SSDEEP

6144:ydvyP1EI8K1C+HpZ0BBfrHL1Rzsg8uW56eS1:ydvyP1EI8K1CoZ8BzHL3yVrS1

Score

1^/10

Malware Config

Signatures

Files

d38d4e4cc942353f8087563be52f2431_JaffaCakes118
.exe windows:5 windows x86 arch:x86

0b95c786de5a64c203825c539484b0ea

Code Sign

8b:66:64:38:54:b1:a4:6c:1e:d8:87:15:0a:aa:d0:bf:33:a8:14:23
Signer

Actual PE Digest

8b:66:64:38:54:b1:a4:6c:1e:d8:87:15:0a:aa:d0:bf:33:a8:14:23

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
WideCharToMultiByte
GetFileAttributesW
MultiByteToWideChar
GetCurrentDirectoryW
LocalFileTimeToFileTime
GetTickCount
SetLastError
OutputDebugStringA
ReleaseMutex
CreateMutexW
GetCurrentProcessId
CreateProcessW
QueryPerformanceCounter
GetSystemTimeAsFileTime
SetEndOfFile
SetFilePointerEx
GetStdHandle
TerminateProcess
ResumeThread
GetModuleHandleW
GetProcAddress
GetCurrentThreadId
IsDebuggerPresent
LocalFree
RaiseException
CreateThread
SetUnhandledExceptionFilter
GetModuleHandleExW
SystemTimeToFileTime
InterlockedExchange
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetACP
LoadLibraryW
ExitProcess
InterlockedDecrement
SetEnvironmentVariableA
LoadLibraryExW
WriteConsoleW
GetTimeZoneInformation
ReadConsoleW
GetOEMCP
IsValidCodePage
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapSize
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetStartupInfoW
UnhandledExceptionFilter
GetCPInfo
GetFileType
SetStdHandle
HeapReAlloc
GetConsoleMode
GetConsoleCP
GetProcessHeap
HeapAlloc
IsProcessorFeaturePresent
ExitThread
HeapFree
RtlUnwind
GetStringTypeW
DecodePointer
EncodePointer
LoadLibraryExA
FreeLibrary
GetLastError
lstrlenW
SetFilePointer
FlushFileBuffers
CreateFileW
ReadFile
WriteFile
GetCurrentProcess
OutputDebugStringW
GetCommandLineW
CreateEventW
CloseHandle
WaitForSingleObject
SetEvent
GetExitCodeProcess
DeleteFileW
CreateDirectoryW
GetTempPathW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
Sleep
GetModuleFileNameW

user32

MessageBoxW
wsprintfW

shell32

ShellExecuteExW

shlwapi

PathFileExistsW
StrStrIA
StrToIntW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

ws2_32

select
WSAGetLastError
htons
WSACleanup
inet_addr
socket
__WSAFDIsSet
closesocket
gethostbyname
send
WSAStartup
connect
recv
ioctlsocket

Sections

.text
Size: 273KB - Virtual size: 273KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 163KB - Virtual size: 162KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0b95c786de5a64c203825c539484b0ea

Code Sign

8b:66:64:38:54:b1:a4:6c:1e:d8:87:15:0a:aa:d0:bf:33:a8:14:23Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shell32

shlwapi

version

ws2_32

Sections

.text Size: 273KB - Virtual size: 273KB

.rdata Size: 70KB - Virtual size: 70KB

.data Size: 9KB - Virtual size: 22KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 25KB - Virtual size: 25KB

.reloc Size: 163KB - Virtual size: 162KB

8b:66:64:38:54:b1:a4:6c:1e:d8:87:15:0a:aa:d0:bf:33:a8:14:23
Signer

.text
Size: 273KB - Virtual size: 273KB

.rdata
Size: 70KB - Virtual size: 70KB

.data
Size: 9KB - Virtual size: 22KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 25KB - Virtual size: 25KB

.reloc
Size: 163KB - Virtual size: 162KB