df4d435f77d8cf561c76bd439f580c27_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

df4d435f77d8cf561c76bd439f580c27_JaffaCakes118
Size

26KB
MD5

df4d435f77d8cf561c76bd439f580c27
SHA1

be0cf2d5cd0ccca09b8dfedabc36758d779b1a1e
SHA256

160ce8c7ceacdf1842e3d1e72b048bf31ef4ff0dbebe612865b91371740ffd3a
SHA512

acd07cfff9e919429ae6a1a9135d8a5adec2a32bb21e2a359e50f3a05a079ab8c3a5069ecd13e512c9b1e951eb75670e46e2968e291c304e3a09a8f0b039e9e3
SSDEEP

384:LfxuTmk4ahJHR75Xx6CI240V+U1gw0H8cxMABIp4ztFSpBqQM4Jy9+:Lfkik4UftdIFpU1gFcteSjqQMuyE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
df4d435f77d8cf561c76bd439f580c27_JaffaCakes118

Files

df4d435f77d8cf561c76bd439f580c27_JaffaCakes118
.exe .js windows:1 windows x86 arch:x86 polyglot

b67c99695f81ce606551724478e63624

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

oleaut32

SysAllocString

ole32

CoCreateInstance
CLSIDFromString
CoInitialize
CoUninitialize

wsock32

WSAGetLastError
WSAStartup
closesocket
connect
gethostbyname
htons
inet_addr
ioctlsocket
ntohs
recv
select
send
socket

iphlpapi

GetNetworkParams

kernel32

FileTimeToDosDateTime
FindFirstFileA
FindNextFileA
FormatMessageA
GetCommandLineA
GetFileSize
GetModuleHandleA
CloseHandle
GetProcAddress
GetSystemTimeAsFileTime
GetTickCount
GetWindowsDirectoryA
CopyFileA
LoadLibraryA
CreateFileA
ReadFile
RtlUnwind
RtlZeroMemory
Sleep
TerminateThread
WinExec
CreateThread
DeleteFileA

user32

GetWindowTextA
GetForegroundWindow
LoadCursorA
LoadIconA
SetTimer
KillTimer
RegisterClassA
MessageBoxA
GetMessageA
TranslateMessage
DispatchMessageA
PostQuitMessage
CreateWindowExA
DefWindowProcA

gdi32

GetStockObject

advapi32

RegEnumValueA
RegCloseKey
RegOpenKeyA
RegSetValueExA

crtdll

_filelength
_fileno
__GetMainArgs
exit
fclose
fgets
fopen
fprintf
fread
free
fwrite
malloc
memcpy
printf
raise
signal
sprintf
strcat
strchr
strcmp
strcpy
strlen
strncat
strncmp
strncpy

Sections

.text
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 439KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b67c99695f81ce606551724478e63624

Headers

File Characteristics

Imports

oleaut32

ole32

wsock32

iphlpapi

kernel32

user32

gdi32

advapi32

crtdll

Sections

.text Size: 18KB - Virtual size: 18KB

.bss Size: - Virtual size: 439KB

.data Size: 3KB - Virtual size: 3KB

.idata Size: 2KB - Virtual size: 2KB

.text
Size: 18KB - Virtual size: 18KB

.bss
Size: - Virtual size: 439KB

.data
Size: 3KB - Virtual size: 3KB

.idata
Size: 2KB - Virtual size: 2KB