Static task
static1
Behavioral task
behavioral1
Sample
d5b24ad1d913bcda8564caa378e384d6_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
d5b24ad1d913bcda8564caa378e384d6_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
Target: d5b24ad1d913bcda8564caa378e384d6_JaffaCakes118
Size: 388KB
MD5: d5b24ad1d913bcda8564caa378e384d6
SHA1: 8326d6efaef40569a1a0e129d8a700633dec6859
SHA256: 48414b605d31881be92522679e05bcb6ebfa2ade57c240ebe0181721828b98c1
SHA512: 97f66234dc782bc8c58b927f90904375a79179c0669bc0f4c244bbcfd2b646be8ed9a2fce981d911438927d65426c53ddcb125fe54e97186ab3ba597174dcd81
SSDEEP: 6144:KEh94ke4v9iCfSuU5c6xa1/Opgzk5bP5XRgaf/MHgVhZhZitmylMXwxqem2:vr8kfRTNygze5BTCgz7O5l5m2
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource d5b24ad1d913bcda8564caa378e384d6_JaffaCakes118
Files
-
d5b24ad1d913bcda8564caa378e384d6_JaffaCakes118.exe windows:4 windows x86 arch:x86
ce2090a72c94d560855a7b9eece560fc
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ws2_32
WSAGetQOSByName
WSASocketA
WSASetBlockingHook
WSASetServiceA
WSALookupServiceBeginA
WSASendTo
WSAHtonl
getprotobyname
kernel32
CreateFileW
SetCommMask
GetEnvironmentVariableW
SetProcessAffinityMask
GetPrivateProfileStringW
ReadConsoleA
ConnectNamedPipe
ScrollConsoleScreenBufferA
GetBinaryTypeA
lstrcatW
FreeResource
SetThreadAffinityMask
UnmapViewOfFile
GetVersion
GetTapeParameters
WriteConsoleOutputW
ReadFileScatter
GlobalReAlloc
_llseek
GetDiskFreeSpaceExA
GetProcessHeap
LocalLock
SizeofResource
ReadDirectoryChangesW
WaitNamedPipeA
SetTimeZoneInformation
ReadConsoleOutputA
GetSystemDirectoryW
IsBadWritePtr
FindFirstFileW
ReleaseMutex
FreeLibrary
ReadConsoleInputW
SetEndOfFile
ExitProcess
FindResourceExA
user32
SendMessageTimeoutA
AdjustWindowRectEx
LoadStringW
RegisterClassA
ChildWindowFromPointEx
VkKeyScanW
version
GetFileVersionInfoSizeA
advapi32
RegSetValueExW
ObjectCloseAuditAlarmA
DestroyPrivateObjectSecurity
GetPrivateObjectSecurity
CryptAcquireContextA
RegOpenKeyExW
GetAce
RegSetKeySecurity
RegUnLoadKeyW
OpenServiceA
ReportEventW
CryptSetProvParam
ReadEventLogW
OpenThreadToken
RegCreateKeyExW
comctl32
PropertySheetA
ImageList_AddMasked
ImageList_Remove
ImageList_Draw
Sections
.text Size: 8KB - Virtual size: 201KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.text Size: 4KB - Virtual size: 6B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 248KB - Virtual size: 246KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ