daed8b383e1de4b38032b3cae195e0c4_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

daed8b383e1de4b38032b3cae195e0c4_JaffaCakes118
Size

164KB
MD5

daed8b383e1de4b38032b3cae195e0c4
SHA1

ed6948394bb73b0917aba5ea88b13862151a11a5
SHA256

76986a9742612baa762956fa6a5b9471ff45540979fa61140ae058ebc98704d0
SHA512

958cb165a7b8a11d157093065af76a5ec38632efc32b51e07561be3f44263ee746ab764eae8a8eb8d5454f57be8dc0391a91e164f506fe1bb3057103976dd21b
SSDEEP

3072:5eYpSxOvKdT7BCI5+bx6VkgOIN4caRtqb4Sd59onn:5ewKUI5mxtgOAaRcr4n

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
daed8b383e1de4b38032b3cae195e0c4_JaffaCakes118

Files

daed8b383e1de4b38032b3cae195e0c4_JaffaCakes118
.exe windows:5 windows x86 arch:x86

20b087fd30037933e423b291c251cb6c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

MultiByteToWideChar
Sleep
ReadFile
WriteFile
TransactNamedPipe
CloseHandle
CreateFileA
WaitForSingleObject
GetLastError
CreateEventA
GetModuleFileNameA
ExitThread
CreateThread
GetSystemDirectoryA
LeaveCriticalSection
EnterCriticalSection
GetTickCount
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LoadLibraryA
GetProcAddress
GetModuleHandleA
FormatMessageA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
SetFileTime
GetFileTime
CreateProcessA
ExpandEnvironmentStringsA
SetFileAttributesA
GetFileAttributesA
GetTempPathA
GetVersionExA
CopyFileA
GlobalMemoryStatus
GetTimeFormatA
GetDateFormatA
GetLocalTime
ExitProcess
DeleteFileA
lstrcmpiA
OpenProcess
GetCurrentProcessId
CreateMutexA
GetCurrentProcess
TerminateProcess
GetLocaleInfoA
TerminateThread
GetProcessHeap
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
SetStdHandle
GetStringTypeW
GetStringTypeA
HeapSize
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
HeapAlloc
HeapFree
RaiseException
RtlUnwind
GetSystemTimeAsFileTime
GetModuleHandleW
GetCommandLineA
GetStartupInfoA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
VirtualFree
VirtualAlloc
HeapReAlloc
HeapCreate
GetStdHandle
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
SetHandleCount
GetFileType
SetFilePointer
LCMapStringA
WideCharToMultiByte
LCMapStringW
GetConsoleCP
GetConsoleMode

mpr

WNetAddConnection2A

ws2_32

bind
listen
accept
WSAStartup
WSACleanup
ioctlsocket
htons
connect
recv
closesocket
socket
send
select
__WSAFDIsSet
setsockopt
inet_addr

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

Sections

.text
Size: 128KB - Virtual size: 128KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 319KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

20b087fd30037933e423b291c251cb6c

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

mpr

ws2_32

version

Sections

.text Size: 128KB - Virtual size: 128KB

.rdata Size: 25KB - Virtual size: 24KB

.data Size: 9KB - Virtual size: 319KB

.rsrc Size: 512B - Virtual size: 436B

.text
Size: 128KB - Virtual size: 128KB

.rdata
Size: 25KB - Virtual size: 24KB

.data
Size: 9KB - Virtual size: 319KB

.rsrc
Size: 512B - Virtual size: 436B