06e532019e27c4590c76f7b0784032ee_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

06e532019e27c4590c76f7b0784032ee_JaffaCakes118
Size

99KB
MD5

06e532019e27c4590c76f7b0784032ee
SHA1

5d3fd29c84adbf66f6587e69fcad5f1b726bc451
SHA256

d6e55fc2db6045abde48654b66fc187165dc435e745060d3c2ccf83489f01b77
SHA512

13124a0cdd299e700798780857e662544fd255bdcc3fc537505ec6c880e211bcddf99145d4c5c2a3ced27098bd9c8797ccd54bcc7c6193c64269a2ff65f6f0e4
SSDEEP

1536:vB8RMnxx/QO2MboKpT5cptB/dfx43RmMsh2et2xto+/faSQJ/weh5:p8gx/Z2MbhHcpXdfq3sMsh2xtoNS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
06e532019e27c4590c76f7b0784032ee_JaffaCakes118

Files

06e532019e27c4590c76f7b0784032ee_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a7f5867be6d4016bda576b82766242f8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTempPathA
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
LoadLibraryA
GetTickCount
QueryPerformanceCounter
QueryPerformanceFrequency
GetTimeFormatA
GetLocalTime
CreateThread
DeleteFileA
TerminateThread
ExpandEnvironmentStringsA
CloseHandle
CreateMutexA
CreateFileA
GetVersionExA
GlobalMemoryStatus
FreeLibrary
MultiByteToWideChar
WideCharToMultiByte
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
SetEndOfFile
GetOEMCP
GetACP
GetCPInfo
FlushFileBuffers
SetStdHandle
GetLastError
Sleep
GetSystemDirectoryA
CopyFileA
WriteFile
CreateProcessA
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
SetFilePointer
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetVersion
GetCommandLineA
GetStartupInfoA
GetCurrentProcess
ReadFile
TerminateProcess
ExitProcess
HeapFree
HeapAlloc
RtlUnwind

user32

SendMessageA
FindWindowA

mpr

WNetAddConnection2A
WNetCancelConnection2A

advapi32

RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
RegDeleteValueA

shell32

ShellExecuteA

ws2_32

bind
listen
accept
WSASocketA
setsockopt
htonl
sendto
WSAGetLastError
gethostbyname
WSAStartup
WSACleanup
closesocket
inet_addr
htons
socket
connect
send
recv
getsockname
inet_ntoa
gethostbyaddr
select
WSAAsyncSelect
__WSAFDIsSet
ntohl
ioctlsocket

wininet

InternetOpenUrlA
InternetReadFile
InternetCloseHandle
InternetOpenA

rpcrt4

NdrFreeBuffer
NdrSendReceive
NdrConformantStringMarshall
NdrGetBuffer
NdrConformantStringBufferSize
NdrClientInitializeNew
RpcRaiseException
NdrConvert
NdrPointerMarshall
NdrPointerBufferSize
NdrConformantStringUnmarshall
NdrServerInitializeNew
I_RpcGetBuffer
NdrPointerUnmarshall
RpcStringBindingComposeA
RpcStringFreeA
RpcBindingToStringBindingA
UuidToStringA
RpcMgmtEpEltInqNextA
RpcMgmtEpEltInqBegin
RpcBindingFromStringBindingA
RpcBindingFree

Sections

.text
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 141KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a7f5867be6d4016bda576b82766242f8

Headers

File Characteristics

Imports

kernel32

user32

mpr

advapi32

shell32

ws2_32

wininet

rpcrt4

Sections

.text Size: 72KB - Virtual size: 72KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 19KB - Virtual size: 141KB

.text
Size: 72KB - Virtual size: 72KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 19KB - Virtual size: 141KB