017edb755e555f3ee08fcbb18f36496a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

017edb755e555f3ee08fcbb18f36496a_JaffaCakes118
Size

236KB
MD5

017edb755e555f3ee08fcbb18f36496a
SHA1

dc2ddccc3ad9acefa81f97c9cab5a8ea6a46a05f
SHA256

ed12c403b401bb82a459cb99bd38a614527117278dc9bee2cd47be857c6a3f77
SHA512

4838b211f0d77fe97af1c1665782bdcb935c976808539b922bc1fcf1f47ea23c15bf6d9d4368c5418fd1b4053bdfbd002ef1ac3b9a175fa1390134d0e37f2a34
SSDEEP

6144:gnoiiArGstERvLPXUP7GXIlsiHc9DFhtPZBDrkbNm:pACYERvze7Gssi89DhR9kk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
017edb755e555f3ee08fcbb18f36496a_JaffaCakes118

Files

017edb755e555f3ee08fcbb18f36496a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

361d6c1ccf67f08aa0400992468698d2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CoInitialize
CoRevokeClassObject
CoTaskMemFree
CoTaskMemAlloc

ws2_32

getservbyport
getprotobynumber
socket
setsockopt
ioctlsocket
listen
ntohl
inet_addr
recv
send
inet_ntoa

odbc32

ord133
ord74
ord142
ord43
ord44
ord145
ord147
ord154
ord155
ord59
ord166
ord167
ord68
ord69
ord170
ord72
ord24
ord26
ord28
ord29
ord31
ord132
ord173
ord37
ord138
ord139
ord75

sti

StiCreateInstanceW

kernel32

GetProcAddress
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetLocaleInfoW
GetTimeZoneInformation
LCMapStringW
LCMapStringA
SetEndOfFile
SetConsoleCtrlHandler
GetStringTypeW
GetStringTypeA
GetOEMCP
GetACP
SetStdHandle
IsBadCodePtr
IsBadReadPtr
GetUserDefaultLCID
EnumSystemLocalesA
GetLocaleInfoA
IsValidCodePage
IsValidLocale
SetUnhandledExceptionFilter
FlushFileBuffers
WriteFile
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetModuleFileNameA
UnhandledExceptionFilter
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
SetFilePointer
ReadFile
CloseHandle
GetCurrentThread
GetLastError
TlsGetValue
SetLastError
WriteConsoleW
lstrlenA
GetComputerNameA
GetSystemTimeAsFileTime
SetSystemPowerState
GetCPInfo
QueryPerformanceCounter
GetVolumeInformationA
GetSystemTime
OpenProcess
GetVersionExA
GetModuleHandleA
GetDateFormatA
FindResourceA
HeapValidate
HeapReAlloc
GetLocalTime
CreateFileA
HeapFree
HeapAlloc
Sleep
LoadLibraryA
EnterCriticalSection
InitializeCriticalSection
InterlockedExchange
DeleteCriticalSection
LeaveCriticalSection
InterlockedDecrement
InterlockedIncrement
MultiByteToWideChar
RtlUnwind
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
RaiseException
FatalAppExitA
TerminateProcess
GetCurrentProcess
HeapSize
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree

Sections

.text
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 76KB - Virtual size: 638KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

361d6c1ccf67f08aa0400992468698d2

Headers

File Characteristics

Imports

ole32

ws2_32

odbc32

sti

kernel32

Sections

.text Size: 80KB - Virtual size: 79KB

.rdata Size: 76KB - Virtual size: 75KB

.data Size: 76KB - Virtual size: 638KB

.text
Size: 80KB - Virtual size: 79KB

.rdata
Size: 76KB - Virtual size: 75KB

.data
Size: 76KB - Virtual size: 638KB