Static task
static1
Behavioral task
behavioral1
Sample
002df6ba58245e0dea49650b0755e645_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
002df6ba58245e0dea49650b0755e645_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
Target
002df6ba58245e0dea49650b0755e645_JaffaCakes118
Size
120KB
MD5
002df6ba58245e0dea49650b0755e645
SHA1
a64f220f665ef882aab8714242f42254eb94fbc8
SHA256
d977948fc6fe12668d496aafe292b46baf146318b2f47ca9680d02245b693d02
SHA512
0d25ac9c4353a06fdf95861bdca45ae9ce56d9694ba83df637b3c39c13404c3210ed632a9ef12c78b541ade9ee9d6439441584c58ae07d7c54ab5bc52625f2af
SSDEEP
3072:AsJh4XZj/zAkhv+PuBHp+6gfrgGpX3YxPpfj3tJCeOv3L:ASozAk0ipJUrX3uRPCt
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 002df6ba58245e0dea49650b0755e645_JaffaCakes118
Files
002df6ba58245e0dea49650b0755e645_JaffaCakes118.exe windows:4 windows x86 arch:x86
f02ea68a297fe0906f02b598875edefa
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
InitializeCriticalSection
DeleteCriticalSection
VirtualFree
GetProcAddress
LoadLibraryA
EnterCriticalSection
LeaveCriticalSection
VirtualAlloc
CreateEventA
CloseHandle
WaitForSingleObject
ResetEvent
lstrcpyA
WriteFile
SetFilePointer
Sleep
DeleteFileA
SetEvent
OutputDebugStringA
GetSystemDefaultUILanguage
InterlockedExchange
GetTickCount
CreateThread
FlushFileBuffers
SetStdHandle
LCMapStringW
LCMapStringA
GetOEMCP
GetACP
GetCPInfo
GetStringTypeW
GetStringTypeA
RtlUnwind
RaiseException
GetLastError
GetCurrentThreadId
TlsSetValue
TlsGetValue
ExitThread
HeapFree
HeapAlloc
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
TlsAlloc
SetLastError
SetUnhandledExceptionFilter
TerminateProcess
GetCurrentProcess
HeapReAlloc
HeapSize
UnhandledExceptionFilter
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
IsBadWritePtr
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
InterlockedDecrement
InterlockedIncrement
IsBadReadPtr
IsBadCodePtr
MultiByteToWideChar
user32
wsprintfA
netapi32
NetLocalGroupAddMembers
NetUserAdd
ws2_32
socket
gethostbyname
htons
inet_addr
setsockopt
WSAIoctl
WSACleanup
WSAStartup
inet_ntoa
connect
Sections
.text Size: 92KB - Virtual size: 91KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.bss Size: - Virtual size: 10KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 24KB - Virtual size: 21KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE