d6222819a89f890c953e82fc35b0d344_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

d6222819a89f890c953e82fc35b0d344_JaffaCakes118
Size

536KB
MD5

d6222819a89f890c953e82fc35b0d344
SHA1

d46bbd7436bae229ad24f7c5e95d55fd477c7f29
SHA256

46749934b318871406e7590a8cb47de074bf5fe8a27529b8b7b32ccf32f54fa5
SHA512

45136f7c396668b195a63af5c204f3492217df6f8cc57ef331a1afd8d4f77cd678f739ea8c9dec39fc0d55a0d44c4364675e65dd4bc50fec6a3b9c72b9a0c933
SSDEEP

12288:glMMnMMMMMUv4v2NTBVkgHuXFzgR3sMMVVWt6t1oTk8yAKt:glMMnMMMMMQ4O9uNgxHIQwosNt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d6222819a89f890c953e82fc35b0d344_JaffaCakes118

Files

d6222819a89f890c953e82fc35b0d344_JaffaCakes118
.exe windows:4 windows x86 arch:x86

5d1cd4c9876166af71d8be8f1b538251

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

NtWaitForMultipleObjects
RtlAdjustPrivilege
RtlInitUnicodeString

ws2_32

WSAEventSelect
getaddrinfo
freeaddrinfo
WSAStringToAddressA
getnameinfo
WSARecvFrom
WSASocketW
WSAIoctl
WSALookupServiceNextW
WSASendTo
WSALookupServiceEnd
WSAAddressToStringA
WSAAddressToStringW
WSALookupServiceBeginW

mswsock

AcceptEx
GetAcceptExSockaddrs

kernel32

InterlockedIncrement
HeapCreate
VirtualAlloc
LeaveCriticalSection
RegisterWaitForSingleObject
TerminateProcess
GetCurrentThreadId
HeapDestroy
CreateMutexW
CreateFileW
WideCharToMultiByte
HeapFree
SetEvent
HeapAlloc
ChangeTimerQueueTimer
EnterCriticalSection
LoadLibraryW
QueryPerformanceCounter
HeapReAlloc
InitializeCriticalSection
DeleteCriticalSection
InterlockedDecrement
GetTickCount
DeleteTimerQueue
GetComputerNameExW
CloseHandle
UnhandledExceptionFilter
ReadFile
ExpandEnvironmentStringsW
UnregisterWait
BindIoCompletionCallback
CreateEventW
GetSystemTimeAsFileTime
CreateMutexA
WaitForSingleObject
GetLastError
DeviceIoControl
WriteFile
CreateTimerQueueTimer
QueueUserWorkItem
DeleteTimerQueueTimer
Sleep
SetUnhandledExceptionFilter
InterlockedExchange
MultiByteToWideChar
UnregisterWaitEx
ReleaseMutex
CreateTimerQueue
GetProcAddress
DisableThreadLibraryCalls
GetCurrentProcessId
SetLastError

ddraw

DirectDrawCreate

dnsapi

DnsReplaceRecordSetW

ole32

CoInitializeEx
CoCreateInstance
CoUninitialize
CoTaskMemFree

advapi32

CryptGenRandom
CryptReleaseContext
RegisterServiceCtrlHandlerW
RegQueryValueExW
SetServiceStatus
RegEnumValueW
RegEnumKeyExW
RegCloseKey
RegOpenKeyExW
CryptAcquireContextW

msvcrt

memmove
_adjust_fdiv
free
_wcsicmp
memset
wcscmp
swprintf
memcpy
strlen
malloc
wcscat
wcslen
_except_handler3
wcscpy
wcsncpy
_initterm
memcmp
wcschr

iphlpapi

NotifyAddrChange
NotifyRouteChange
GetAdaptersInfo
GetAdaptersAddresses

Sections

.text
Size: 4KB - Virtual size: 880B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rdata
Size: 424KB - Virtual size: 422KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5d1cd4c9876166af71d8be8f1b538251

Headers

File Characteristics

Imports

ntdll

ws2_32

mswsock

kernel32

ddraw

dnsapi

ole32

advapi32

msvcrt

iphlpapi

Sections

.text Size: 4KB - Virtual size: 880B

.idata Size: 4KB - Virtual size: 3KB

.rsrc Size: 88KB - Virtual size: 87KB

.data Size: 8KB - Virtual size: 2.0MB

.reloc Size: 4KB - Virtual size: 64B

.rdata Size: 424KB - Virtual size: 422KB

.text
Size: 4KB - Virtual size: 880B

.idata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 88KB - Virtual size: 87KB

.data
Size: 8KB - Virtual size: 2.0MB

.reloc
Size: 4KB - Virtual size: 64B

.rdata
Size: 424KB - Virtual size: 422KB