Static task
static1
Behavioral task
behavioral1
Sample
fbc12feda158a83fb8859cbfd3aeb052_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
fbc12feda158a83fb8859cbfd3aeb052_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
Target: fbc12feda158a83fb8859cbfd3aeb052_JaffaCakes118
Size: 206KB
MD5: fbc12feda158a83fb8859cbfd3aeb052
SHA1: 61409ab6ba6cf9b18283eda824ed7357f08be6d9
SHA256: 0bd9a0f67c4912a877922d6a75488b4deb6b9341e906be322e33fc561626b9b3
SHA512: eacaefdd13bb28ad37defc94f5cde86c8d2948a3ba4d7ea4124698157a50d8d0ccc5a376476e3891e5a462da4a30a57c686b1af9a51793fa0a6e70dd85b7357e
SSDEEP: 3072:k3Ij0TxWnBQnFseEMBNmh/x/GsenjtISPFaOTK3f7ZyUptz8Qciy:k3cDCFoM2FN8nawY/3f7ZyUp5P
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource fbc12feda158a83fb8859cbfd3aeb052_JaffaCakes118
Files
fbc12feda158a83fb8859cbfd3aeb052_JaffaCakes118.exe windows:4 windows x86 arch:x86
46972d7c596645cc022da8017df371be
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
FlushFileBuffers
CreateEventW
GetTempFileNameA
GetVersion
LocalAlloc
LocalFree
DeviceIoControl
WaitForSingleObject
GetCurrentProcess
GetTempPathW
LoadLibraryW
RemoveDirectoryW
CreateDirectoryA
ResetEvent
WaitForMultipleObjects
VirtualFree
VirtualProtect
VirtualAlloc
GetCurrentThreadId
GetCommandLineA
GetModuleHandleA
GetProfileStringW
LockResource
FindResourceA
FreeResource
GetDateFormatA
MoveFileExA
CreateFileW
GetLocalTime
GetSystemTime
QueryPerformanceCounter
DeleteFileW
GetVolumeInformationA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetLocaleInfoA
MultiByteToWideChar
GetSystemTimeAsFileTime
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoA
SetUnhandledExceptionFilter
GetProcAddress
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetLastError
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
HeapDestroy
HeapCreate
GetTickCount
GetCurrentProcessId
LeaveCriticalSection
EnterCriticalSection
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
LoadLibraryA
InitializeCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
Sleep
HeapReAlloc
RtlUnwind
HeapSize
gdi32
CreateSolidBrush
CreateRectRgnIndirect
Rectangle
RestoreDC
SaveDC
ExtTextOutA
CreateFontIndirectA
StartDocA
EndPage
CreatePatternBrush
ws2_32
WSAStartup
WSACleanup
getsockopt
htonl
getservbyname
htons
ntohs
recv
send
recvfrom
WSAAddressToStringA
WSAWaitForMultipleEvents
WSAEnumNetworkEvents
Sections
.text Size: 120KB - Virtual size: 119KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 83KB - Virtual size: 86KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ