ea6242e840a03c7b4b710e8034382fdb_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ea6242e840a03c7b4b710e8034382fdb_JaffaCakes118
Size

48KB
MD5

ea6242e840a03c7b4b710e8034382fdb
SHA1

90c003d85b2b2070339b0c2695bef7fc0cf27e89
SHA256

149af999108ecda25b930eedad717985b4b5c019b677eca653a255adb0cdb34f
SHA512

2715ef2c9095d46c2e87d6b21f3ca9e93ba82dd40b81ba5011c131b36049da80fba4ad3dec5b7ebbde8f0266eba21f6322229cd74de4a05bc6c438f79fecc173
SSDEEP

768:uX9StHSwE8YyaPSpD5aWgwKeEapOvT+Rrm4y2+P+l1BWhSoQiD:uXlwuPID5aNwKvaovT6Fs+AHD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ea6242e840a03c7b4b710e8034382fdb_JaffaCakes118

Files

ea6242e840a03c7b4b710e8034382fdb_JaffaCakes118
.exe windows:4 windows x86 arch:x86

ca49b7dfab23ed03a8d1213feb043ad9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

g:\Vs2003\subaru\subaru_bin\subaru.pdb

Imports

kernel32

DeleteFileA
CreateDirectoryA
GetSystemDirectoryA
ExitProcess
GetExitCodeProcess
GetCurrentProcess
TerminateProcess
CreateFileA
Sleep
GetSystemDefaultLangID
GetVersionExA
CreateThread
GetLastError
HeapSize
LCMapStringW
WriteFile
CloseHandle
GlobalFree
CreateProcessA
LCMapStringA
GetSystemInfo
VirtualProtect
GetLocaleInfoA
SetStdHandle
GetCPInfo
GetOEMCP
GetACP
GetStringTypeW
MultiByteToWideChar
GetStringTypeA
VirtualQuery
InterlockedExchange
LoadLibraryA
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
SetFilePointer
GetFileType
SetHandleCount
RtlUnwind
HeapAlloc
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
HeapFree
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
IsBadWritePtr
GetProcAddress
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
FlushFileBuffers

user32

wsprintfA

advapi32

RegSetValueExA
RegCloseKey
RegCreateKeyA

wininet

InternetCloseHandle
HttpQueryInfoA
InternetOpenA
InternetConnectA
HttpOpenRequestA
HttpSendRequestA
InternetReadFile

ws2_32

inet_ntoa
gethostbyname
gethostname
WSAStartup
WSACleanup

iphlpapi

GetAdaptersInfo

Sections

.text
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ca49b7dfab23ed03a8d1213feb043ad9

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

wininet

ws2_32

iphlpapi

Sections

.text Size: 32KB - Virtual size: 29KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 4KB - Virtual size: 7KB

.text
Size: 32KB - Virtual size: 29KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 4KB - Virtual size: 7KB