eaa541977a39a8524f9a433a0d3b9602_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

eaa541977a39a8524f9a433a0d3b9602_JaffaCakes118
Size

33KB
MD5

eaa541977a39a8524f9a433a0d3b9602
SHA1

3cdb8a9807d80cb88a24e0676390e37c822b03be
SHA256

8677660654b067ad03f606090803e11a6775a04b488329f7fb8488a60bd54dee
SHA512

7689503fa793b0435150daa138e0895fb59e6d0689e3cc0957a59e392801efff37d6c1118fd454a8dc3988ec5e07b4053cea357987b806b9e9940170858d7986
SSDEEP

768:KMjkCyaELrJNFtib0aDy23TY0MzB73c54eMnn92eViXpPJ:KMY5JN7gRDN3srzBQ+v5iNJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/wGateScan-3_0.exe

Files

eaa541977a39a8524f9a433a0d3b9602_JaffaCakes118
.zip
wGateScan-3_0.exe
.exe windows:4 windows x86 arch:x86

a2ee88aca97f3a682f893f2fc667c96a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Beep
CloseHandle
GetLastError
TerminateThread
ExitThread
WaitForMultipleObjects
WaitForSingleObject
TerminateProcess
GetFileType
RtlUnwind
VirtualAlloc
SetEndOfFile
HeapReAlloc
GetStringTypeW
GetStringTypeA
ReadFile
GetProcAddress
GetOEMCP
LoadLibraryA
HeapCreate
GetACP
GetCPInfo
SetEnvironmentVariableA
CompareStringW
CompareStringA
LCMapStringW
LCMapStringA
HeapFree
GetTimeZoneInformation
GetSystemTime
GetLocalTime
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
HeapAlloc
HeapDestroy
SetStdHandle
VirtualFree
CreateFileA
FreeEnvironmentStringsW
CreateThread
GetCurrentProcess
SetFilePointer
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
SetHandleCount
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetStdHandle
MultiByteToWideChar
FlushFileBuffers
WriteFile

user32

DestroyWindow
ModifyMenuA
GetCursorPos
DestroyMenu
CreatePopupMenu
LoadBitmapA
SetClassLongA
DialogBoxParamA
InsertMenuA
SendMessageA
PostQuitMessage
MessageBoxA
CheckDlgButton
IsDlgButtonChecked
TranslateMessage
DispatchMessageA
CreateWindowExA
GetDlgItem
GetMessageTime
TrackPopupMenuEx
SendDlgItemMessageA
GetMessageA
EndDialog
BeginPaint
EndPaint
CreateDialogParamA
LoadIconA
ShowWindow

comdlg32

GetSaveFileNameA

comctl32

ord17

wsock32

send
WSACleanup
closesocket
recv
ioctlsocket
WSAStartup
gethostbyname
connect
WSAGetLastError
socket
htons

advapi32

RegCloseKey
RegOpenKeyA
RegCreateKeyA
RegQueryValueExA
RegSetValueExA

shell32

Shell_NotifyIconA

Sections

.text
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a2ee88aca97f3a682f893f2fc667c96a

Headers

File Characteristics

Imports

kernel32

user32

comdlg32

comctl32

wsock32

advapi32

shell32

Sections

.text Size: 40KB - Virtual size: 39KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 8KB - Virtual size: 13KB

.rsrc Size: 12KB - Virtual size: 11KB

.text
Size: 40KB - Virtual size: 39KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 8KB - Virtual size: 13KB

.rsrc
Size: 12KB - Virtual size: 11KB