Static task: static1
Behavioral task: behavioral1
Sample: d7099c69767c7d3228a6e64a922ec5f7_JaffaCakes118.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: d7099c69767c7d3228a6e64a922ec5f7_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
Target: d7099c69767c7d3228a6e64a922ec5f7_JaffaCakes118
Size: 264KB
MD5: d7099c69767c7d3228a6e64a922ec5f7
SHA1: 1000fa5abe4e3814e84379d5bb9c2068278fa7e8
SHA256: 3ae22a838bf5a22f6d96727fdfc2ae0aa723528cabfa3e01b6dc7bc354838e5b
SHA512: 1b2aee426b3f38406f23930a7e4932eb535365678b200f7b6cb9e5617a115b81418663ddd90c73c68f35bbbdfc50dc228c47a6dc11460e0229f935ac2ac2842c
SSDEEP: 3072:+dr1j/lBkDetwHp5JMCEVHyt4zslSa20rVynqtfaZe:+h1zlBLwHvKCEVHyaAYa2iynm
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource d7099c69767c7d3228a6e64a922ec5f7_JaffaCakes118
Files
d7099c69767c7d3228a6e64a922ec5f7_JaffaCakes118.exe windows:4 windows x86 arch:x86
121443ff2317d2fe1314e977dc41b90a
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
CloseHandle
WriteFile
CreateFileA
GetLongPathNameA
GetTempPathA
GetModuleFileNameA
GetLastError
CreateDirectoryA
RemoveDirectoryA
CreateProcessA
TerminateProcess
WaitForSingleObject
OpenProcess
Process32Next
Process32First
CreateToolhelp32Snapshot
DeleteFileA
Sleep
GetProcessHeap
HeapAlloc
GetTickCount
HeapFree
CopyFileA
GetCurrentProcessId
LCMapStringA
ReadFile
SetEndOfFile
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetOEMCP
GetACP
GetCPInfo
FlushFileBuffers
SetStdHandle
GetExitCodeProcess
GetStringTypeW
GetStringTypeA
MultiByteToWideChar
SetFilePointer
IsBadCodePtr
SetConsoleCtrlHandler
SetUnhandledExceptionFilter
GetFileType
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
RtlUnwind
GetTimeZoneInformation
GetSystemTime
GetLocalTime
ExitProcess
GetCurrentProcess
GetFullPathNameA
IsBadWritePtr
IsBadReadPtr
HeapValidate
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
RaiseException
DebugBreak
GetStdHandle
InterlockedDecrement
OutputDebugStringA
GetProcAddress
LoadLibraryA
InterlockedIncrement
GetFileAttributesA
GetCurrentDirectoryA
GetDriveTypeA
HeapReAlloc
VirtualFree
VirtualAlloc
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
LCMapStringW
advapi32
RegQueryValueExA
RegDeleteValueA
RegOpenKeyA
RegSetValueExA
RegCloseKey
RegOpenKeyExA
shell32
ShellExecuteA
ws2_32
inet_ntoa
WSACleanup
recv
gethostname
connect
gethostbyname
htons
WSASocketA
WSAStartup
socket
inet_addr
sendto
WSAGetLastError
closesocket
ioctlsocket
send
wininet
HttpSendRequestA
InternetConnectA
InternetReadFile
InternetCloseHandle
InternetOpenA
InternetQueryDataAvailable
HttpOpenRequestA
Sections
.text Size: 212KB - Virtual size: 208KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 20KB - Virtual size: 24KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ