f03668541df22cf7463dab3c80838b8c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f03668541df22cf7463dab3c80838b8c_JaffaCakes118
Size

156KB
MD5

f03668541df22cf7463dab3c80838b8c
SHA1

1bfdc4f2cfa48a1f063d1826992fbaf5e2924394
SHA256

36add09641a16e21256441336ee063873bd2acc8dd66f0b44bd650fddeab28ed
SHA512

2f4aabd3894a181b8d932fc943737e3162ea06321cb24487d11a906299c57e04ec76886aa4850545805a130bb518c8c443232f69a5c2e5c0969c3537dcd2a451
SSDEEP

3072:FwwqRuFrTmBG6qVwbB9B0VTotlI4Kofeoe2Xd+dOKoCmr9Dzt:FwwqRsvYd+6B0SRmzO1J

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f03668541df22cf7463dab3c80838b8c_JaffaCakes118

Files

f03668541df22cf7463dab3c80838b8c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

90f5781d68eca13ac930d328813c31e5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

shutdown
recvfrom
send
recv
gethostbyname
sendto
socket
getsockname
getsockopt
gethostname
setsockopt
getservbyname
htons

wtsapi32

WTSLogoffSession
WTSOpenServerA
WTSCloseServer

uxtheme

GetThemeTextExtent
OpenThemeData
CloseThemeData

netapi32

NetApiBufferFree
NetGetAnyDCName
NetUserGetInfo

setupapi

SetupRemoveSectionFromDiskSpaceListA
SetupQueueCopySectionA
SetupAddInstallSectionToDiskSpaceListA
SetupAddSectionToDiskSpaceListA
SetupQueueDeleteSectionA
SetupRemoveInstallSectionFromDiskSpaceListA
SetupOpenLog
SetupCloseLog
SetupInitializeFileLogA
SetupQueryFileLogA
SetupLogErrorA
SetupFindNextLine
SetupFindFirstLineA
SetupRemoveFileLogEntryA

kernel32

TerminateProcess
LCMapStringW
LCMapStringA
LoadLibraryA
GetProcAddress
IsBadWritePtr
HeapReAlloc
VirtualAlloc
GetOEMCP
GetACP
GetCPInfo
GetStringTypeW
GetStringTypeA
MultiByteToWideChar
HeapAlloc
WriteFile
RtlUnwind
HeapFree
VirtualFree
HeapCreate
HeapDestroy
GetCurrentThread
GetLastError
TlsGetValue
SetLastError
TlsFree
TlsSetValue
GetCurrentThreadId
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetModuleFileNameA
UnhandledExceptionFilter
FatalAppExitA
LeaveCriticalSection
RemoveDirectoryA
TlsAlloc
GetProfileStringW
CreateEventA
ResetEvent
PulseEvent
ExitProcess
GetCurrentProcess
GetCommandLineA
GetVersion
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection

Sections

.text
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 72KB - Virtual size: 797KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

90f5781d68eca13ac930d328813c31e5

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

wtsapi32

uxtheme

netapi32

setupapi

kernel32

Sections

.text Size: 24KB - Virtual size: 21KB

.rdata Size: 48KB - Virtual size: 46KB

.data Size: 72KB - Virtual size: 797KB

.reloc Size: 8KB - Virtual size: 4KB

.text
Size: 24KB - Virtual size: 21KB

.rdata
Size: 48KB - Virtual size: 46KB

.data
Size: 72KB - Virtual size: 797KB

.reloc
Size: 8KB - Virtual size: 4KB