db2f3dd0325dde9036713112f21a0d00_JaffaCakes118

General

Target

db2f3dd0325dde9036713112f21a0d00_JaffaCakes118
Size

158KB
MD5

db2f3dd0325dde9036713112f21a0d00
SHA1

8f923b2d7a986d2c18ecaa6d62e377c6c234fdbf
SHA256

ff500aa5f0e855b20fd9c4cd041eba77fa4dcdf4c239ae31ea1b1b6b3e9e4985
SHA512

13dadf1fd3c48dea989c495fd2d1a9dea8490cf65dc2333eb841d91d60549e07ca0a38ae43addad8c36c6c3cb6a528e73bc44622d73d5ecad599bd97f7957e5b
SSDEEP

3072:0yWjAZ6+fM7j65wcjM+EF6nKOwyX/BetmUm6XDBQyV8TJ:/WjA/M7yub4c0oLXVQyVo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
db2f3dd0325dde9036713112f21a0d00_JaffaCakes118

Files

db2f3dd0325dde9036713112f21a0d00_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b45ebd55579398114443f566c225d5ea

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\dev\release\main.pdb

Imports

kernel32

GetTempFileNameA
GetFileAttributesA
FindFirstChangeNotificationA
DeleteFileA
CopyFileA
InterlockedCompareExchange
InterlockedDecrement
GetWindowsDirectoryW
QueryPerformanceCounter
GetSystemTime
GetLocalTime
CreateFileW
MoveFileExA
GetDateFormatA
FreeResource
FindResourceA
LoadResource
GetSystemDirectoryW
CreateEventA
GlobalMemoryStatus
LeaveCriticalSection
FileTimeToSystemTime
CloseHandle
SetFilePointer
ReadFile
GetFileSize
CreateFileA
CopyFileW
CreateDirectoryA
ResetEvent
WaitForMultipleObjects
VirtualFree
VirtualProtect
VirtualAlloc
GetCommandLineA
GetModuleHandleA
GetCurrentThreadId
MoveFileW
GetStartupInfoA

ws2_32

WSACloseEvent
WSAConnect
WSACreateEvent
WSAGetOverlappedResult
WSASocketA
WSAWaitForMultipleEvents
WSAEnumNetworkEvents
WSAAddressToStringA

msvcr71

malloc
_onexit
__dllonexit
_except_handler3
__set_app_type
__p__fmode
__p__commode
time
strncmp
memmove
strchr
atoi
exit
wcslen
fclose
fwrite
fseek
fopen
free
_controlfp
_c_exit
_exit
_XcptFilter
_ismbblead
_cexit
_acmdln
_amsg_exit
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 65KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b45ebd55579398114443f566c225d5ea

Headers

File Characteristics

PDB Paths

Imports

kernel32

ws2_32

msvcr71

Sections

.text Size: 24KB - Virtual size: 24KB

.rdata Size: 65KB - Virtual size: 64KB

.data Size: 66KB - Virtual size: 66KB

.rsrc Size: 1KB - Virtual size: 1KB

.text
Size: 24KB - Virtual size: 24KB

.rdata
Size: 65KB - Virtual size: 64KB

.data
Size: 66KB - Virtual size: 66KB

.rsrc
Size: 1KB - Virtual size: 1KB