f53a42f5ed33de435bd8601477b4ba8c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f53a42f5ed33de435bd8601477b4ba8c_JaffaCakes118
Size

184KB
MD5

f53a42f5ed33de435bd8601477b4ba8c
SHA1

2c69dc48f58edc5de7fb2d4edf8c806db39802d6
SHA256

c89c1b1051c2819714902ed4dca3b25cf40589a8bd46deee5cd76efd19d68d68
SHA512

c40a67b124918d2cf1f00f7cbec2f469e4be586096ee534fab241b48e0e10846bab9d9b160e4879ada560ca6b85858406a09bd132707e753d111663fee551f56
SSDEEP

3072:cONlECTxEYgSdyquI4fj8e75c05Ly+AoAZ:cCJ2ILuI4L8q5PZy+0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f53a42f5ed33de435bd8601477b4ba8c_JaffaCakes118

Files

f53a42f5ed33de435bd8601477b4ba8c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

684f414893a243f62307392488400b00

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateMutexA
WaitForMultipleObjects
CreateProcessA
GetSystemDirectoryA
GetStartupInfoA
CreatePipe
ReadFile
Sleep
WriteFile
FindClose
GetLastError
CopyFileA
GetModuleFileNameA
FindFirstFileA
DeleteFileA
WaitForSingleObject
TerminateProcess
ReleaseMutex
OutputDebugStringA
CreateThread
ExitProcess
UnmapViewOfFile
GetVersionExA
CloseHandle
MapViewOfFile
LocalFree
FreeLibrary
LoadLibraryA
PeekNamedPipe
GetProcAddress
LCMapStringA
SetStdHandle
FlushFileBuffers
GetOEMCP
LCMapStringW
GetACP
GetCPInfo
SetFilePointer
GetStringTypeW
GetStringTypeA
MultiByteToWideChar
SetConsoleCtrlHandler
RtlUnwind
GetFileType
SetHandleCount
IsBadWritePtr
IsBadReadPtr
HeapValidate
GetCommandLineA
GetVersion
DebugBreak
GetStdHandle
InterlockedDecrement
InterlockedIncrement
HeapAlloc
HeapReAlloc
HeapFree
VirtualFree
VirtualAlloc
GetModuleHandleA
GetEnvironmentVariableA
HeapDestroy
HeapCreate
GetCurrentProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW

advapi32

DeleteService
OpenSCManagerA
CreateServiceA
CloseServiceHandle
OpenServiceA
StartServiceA
QueryServiceStatus
RegisterServiceCtrlHandlerA
SetServiceStatus
StartServiceCtrlDispatcherA
GetSecurityInfo
SetEntriesInAclA
SetSecurityInfo
ControlService

ws2_32

recv
send
shutdown
closesocket
WSAStartup
socket
bind
listen
accept
WSACleanup
htons

mpr

WNetAddConnection2A
WNetCancelConnection2A

Sections

.text
Size: 144KB - Virtual size: 141KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

684f414893a243f62307392488400b00

Headers

File Characteristics

Imports

kernel32

advapi32

ws2_32

mpr

Sections

.text Size: 144KB - Virtual size: 141KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 16KB - Virtual size: 21KB

.idata Size: 4KB - Virtual size: 3KB

.reloc Size: 8KB - Virtual size: 4KB

.text
Size: 144KB - Virtual size: 141KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 16KB - Virtual size: 21KB

.idata
Size: 4KB - Virtual size: 3KB

.reloc
Size: 8KB - Virtual size: 4KB