f62794bc1dd059794955bdd805c49853_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f62794bc1dd059794955bdd805c49853_JaffaCakes118
Size

1.4MB
MD5

f62794bc1dd059794955bdd805c49853
SHA1

9d5a66e8566616051be08178d2327c0d606938fd
SHA256

d077deb18dc37696ca1e3e66f8de277bf454dd3e8ab8549d8123ca773b244dc3
SHA512

b595103cef5617ae173a0c770a3696025a12053f648fe3fa4d6245f551b926364d9f158863d6b4b4479643411464409338e53125c0de897cf2da531a557dafb4
SSDEEP

24576:MfaCaKKvP1Qgrd8VvDdP/iqw+sfI6QpMl4VT/R:MfNap3Z8V9RPsT3uVT/R

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f62794bc1dd059794955bdd805c49853_JaffaCakes118

Files

f62794bc1dd059794955bdd805c49853_JaffaCakes118
.exe windows:4 windows x86 arch:x86

8889424aac4142ea1d67164e8ae77704

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentThreadId
GetTickCount
GetVolumeInformationW
GetSystemTime
QueryPerformanceCounter
GetLocalTime
MoveFileExW
CreateFileW
GetModuleHandleW
GetDateFormatW
LoadResource
SetSystemPowerState
FindNextFileW
GetCommandLineW
FindClose
FindFirstFileW
WriteConsoleA
DeleteFileW
GetStringTypeA
LoadLibraryA
GetProcAddress
HeapReAlloc
VirtualAlloc
GetModuleFileNameA
WriteFile
RtlUnwind
HeapFree
VirtualFree
HeapCreate
HeapDestroy
GetStartupInfoA
GetFileType
GetStdHandle
CloseHandle
CreateProcessW
VirtualProtect
Sleep
SetHandleCount
GetCommandLineA
GetEnvironmentStrings
GetEnvironmentStringsW
FreeEnvironmentStringsW
MultiByteToWideChar
FreeEnvironmentStringsA
GetModuleFileNameW
GetStringTypeW
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
HeapAlloc
ExitProcess
GetVersion
WideCharToMultiByte

user32

RegisterHotKey
GetClassNameW
EnumWindows
GetClassInfoExW
GetDC
GetWindowLongW
DrawTextW
DefWindowProcW
ReleaseDC
CheckMenuRadioItem
DispatchMessageW
DeferWindowPos
TranslateMessage
IsWindowEnabled
GetAsyncKeyState

gdi32

CreateSolidBrush
GetBkColor
CreatePatternBrush

ws2_32

getsockopt
recvfrom
send
ntohs
recv
getservbyport
socket
getservbyname
getprotobynumber
htons
setsockopt

version

GetFileVersionInfoW
GetFileVersionInfoSizeW

wininet

InternetOpenUrlW
InternetCloseHandle
InternetReadFile
InternetGetLastResponseInfoW
InternetSetFilePointer
InternetSetStatusCallbackW
InternetOpenW
HttpQueryInfoW
InternetQueryDataAvailable
InternetCanonicalizeUrlW
InternetCrackUrlW
InternetWriteFile

Sections

.text
Size: 140KB - Virtual size: 137KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 480KB - Virtual size: 477KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 821KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.icon
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8889424aac4142ea1d67164e8ae77704

Headers

File Characteristics

Imports

kernel32

user32

gdi32

ws2_32

version

wininet

Sections

.text Size: 140KB - Virtual size: 137KB

.rdata Size: 480KB - Virtual size: 477KB

.data Size: 36KB - Virtual size: 821KB

.tls Size: 4KB - Virtual size: 100B

.rsrc Size: 4KB - Virtual size: 2KB

.icon Size: 28KB - Virtual size: 26KB

.text
Size: 140KB - Virtual size: 137KB

.rdata
Size: 480KB - Virtual size: 477KB

.data
Size: 36KB - Virtual size: 821KB

.tls
Size: 4KB - Virtual size: 100B

.rsrc
Size: 4KB - Virtual size: 2KB

.icon
Size: 28KB - Virtual size: 26KB