Static task: static1
Behavioral task: behavioral1
Sample: 0328d667e03887b4e7520b0dc51b15c9_JaffaCakes118.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: 0328d667e03887b4e7520b0dc51b15c9_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
Target: 0328d667e03887b4e7520b0dc51b15c9_JaffaCakes118
Size: 324KB
MD5: 0328d667e03887b4e7520b0dc51b15c9
SHA1: 046b8f6cd9804460503190ba0d59494f7e33b3aa
SHA256: ee4e2e8f9c56bc400673753385d42493ca458d2b82a9ccb0ec43f04febc95a0b
SHA512: 8dbc9d0d57c6a120c67a2a60ad3600bee4cade6ed0ed9a82b3fe4d4486334c57356434a8ada3dc629919057935fedbf4e5699d688e2eadc789faf7c192128cf0
SSDEEP: 6144:DE78RFlze+Og1E6YKVSzS7oPdAjUG31DE3tpTgwTE7AM9pBXJD7GZ2amI:4gRSvFBKUzVFAjt4pV8pja8I
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 0328d667e03887b4e7520b0dc51b15c9_JaffaCakes118
Files
0328d667e03887b4e7520b0dc51b15c9_JaffaCakes118.exe windows:5 windows x86 arch:x86
12f50bb2d887691713351506e7eaa224
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
dnsapi
DnsReplaceRecordSetW
kernel32
GetFullPathNameW
ExpandEnvironmentStringsW
LeaveCriticalSection
DeleteFileW
GetSystemDefaultUILanguage
lstrlenA
GetModuleFileNameW
GetModuleHandleW
FindFirstFileW
GlobalFree
SetCurrentDirectoryW
lstrcpynW
FindResourceA
TlsGetValue
TlsFree
GetSystemTimeAsFileTime
SetErrorMode
LocalReAlloc
GetFileAttributesW
LoadLibraryW
LoadResource
TlsSetValue
GetDriveTypeW
SetEvent
WaitForSingleObject
QueryPerformanceCounter
LocalAlloc
GlobalLock
GetCurrentProcess
FindResourceExW
GlobalUnlock
FindNextFileW
InterlockedIncrement
WideCharToMultiByte
GetVolumeInformationW
SizeofResource
FindResourceW
UnhandledExceptionFilter
GetUserDefaultLCID
CreateEventW
GetShortPathNameW
ResetEvent
GetCurrentProcessId
GetProcAddress
LocalFree
EnterCriticalSection
LockResource
SetLastError
FreeResource
lstrcmpiW
InterlockedExchange
LocalSize
GlobalAlloc
GetProfileStringW
CloseHandle
MulDiv
InterlockedDecrement
TlsAlloc
DeleteCriticalSection
FreeLibraryAndExitThread
GetCurrentThreadId
GetLocaleInfoW
lstrcpyA
GetCurrentDirectoryW
GetACP
GetModuleHandleA
GlobalReAlloc
lstrcmpW
GetLastError
FormatMessageW
FindClose
InitializeCriticalSectionAndSpinCount
lstrlenW
GetTickCount
CreateThread
MultiByteToWideChar
LoadLibraryA
lstrcpyW
GetVersionExA
GetTempFileNameW
TerminateProcess
GetProcessVersion
FreeLibrary
SetUnhandledExceptionFilter
InterlockedCompareExchange
DelayLoadFailureHook
DisableThreadLibraryCalls
CreateFileW
userenv
RsopSetPolicySettingStatus
ole32
CoUninitialize
CoTaskMemFree
CoCreateInstance
CoInitializeEx
ntdll
wcslen
NtQueryVirtualMemory
RtlUnicodeToMultiByteSize
RtlIsNameLegalDOS8Dot3
RtlAnsiStringToUnicodeString
RtlInitUnicodeStringEx
NtAllocateVirtualMemory
_vsnwprintf
RtlUnicodeStringToAnsiString
strlen
memmove
_chkstk
mswsock
AcceptEx
GetAcceptExSockaddrs
Sections
.text Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 33KB - Virtual size: 33KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rdata Size: 276KB - Virtual size: 275KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 6KB - Virtual size: 1.4MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE