0caf71bc7172af1b990f317480ff32ee_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

0caf71bc7172af1b990f317480ff32ee_JaffaCakes118
Size

826KB
MD5

0caf71bc7172af1b990f317480ff32ee
SHA1

a9b861ba62ad57f2a69b8bc21ff176ec755926f5
SHA256

4e59c319d08866342e19d1dde8d29437d705e17ccf37f66ab77bcbc5c2e1ac94
SHA512

340209831ac1b0c948c355ca2c575c6a94828462939a88e2039fd8f4366017530d420d789d1e2041d2d93253600743102ff5876cd0a09833ea6580851f2618f0
SSDEEP

24576:Mn3HBYpxWEKDUgL/NZKWmiYjCZJIJBJ7FjQT7feEC5Z4tV:oHMxfKJPFmiH+Jn7F+O5Z4tV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0caf71bc7172af1b990f317480ff32ee_JaffaCakes118

Files

0caf71bc7172af1b990f317480ff32ee_JaffaCakes118
.exe windows:5 windows x86 arch:x86

175fe881cb72a873ea1e4f74cb8cfdde

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

MapUserPhysicalPages
WriteConsoleA
DelayLoadFailureHook
GetConsoleCP
DeleteVolumeMountPointA
VerLanguageNameW
FindResourceA
GetQueuedCompletionStatus
CreateProcessInternalW
SizeofResource
GlobalUnfix
GetTickCount
GetStringTypeExA
VirtualQueryEx
GetUserDefaultLCID
GetCurrentThread
ConsoleMenuControl
CreateMailslotW
FindFirstFileA
GetSystemInfo
SetConsoleMenuClose
LoadLibraryW
GetConsoleCursorMode
OpenFile
WaitNamedPipeW
EnumLanguageGroupLocalesA
WriteConsoleInputW
FindNextChangeNotification
SetCriticalSectionSpinCount
SetLastError

ws2_32

WSApSetPostRoutine
WSACancelBlockingCall
sendto
WSASend
WSAIoctl
WSARecvFrom
WSAAsyncSelect
WSAAsyncGetProtoByNumber
WSCGetProviderPath
WSAHtons
recvfrom
WSAJoinLeaf
WSAGetLastError
WSALookupServiceBeginW
WSASendDisconnect
gethostname
getservbyport
WSADuplicateSocketW
freeaddrinfo
WSAAsyncGetProtoByName
WSAHtonl
WSAAccept
WSAIsBlocking
connect
getprotobyname

sqlunirl

_RegRestoreKey_@12
_GetDiskFreeSpaceEx@16
_GetClassInfoEx_@12
_CreateMetaFile_@4
_OpenEvent_@12
_GetTabbedTextExtent_@20
_GetLogicalDriveStrings_@8
_GetICMProfile_@12
_ExtractIcon_@12
_DialogBoxIndirectParam_@20
_NDdeShareAdd_@20
_CallWindowProc@20
_DefDlgProc_@16
_GetPrivateProfileInt_@16
_trename
_GetToolsFilePath@16
_LoadCursor@8
_GetDlgItemText@16
_NDdeIsValidShareName_@4

oleaut32

CreateErrorInfo
VarUI8FromI2
VarBstrFromUI4
VarCyRound
VARIANT_UserUnmarshal
SafeArrayCopy
VarDecFromI8
VarAbs
VarUI2FromUI8
LHashValOfNameSys
VarR4FromR8
VarDateFromUI8
VarR4FromUI2
UnRegisterTypeLib
VarDecRound
VarDecAdd
VarI8FromBool
VarBoolFromI1
SafeArraySetIID
VarCyFromR8
VarR4FromUI1

perfproc

CloseSysProcessObject
OpenSysProcessObject
CollectSysProcessObjectData

Sections

.text
Size: 409KB - Virtual size: 408KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 142KB - Virtual size: 142KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 157KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 115KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 924B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

175fe881cb72a873ea1e4f74cb8cfdde

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ws2_32

sqlunirl

oleaut32

perfproc

Sections

.text Size: 409KB - Virtual size: 408KB

.rdata Size: 142KB - Virtual size: 142KB

.data Size: 157KB - Virtual size: 1.5MB

.rsrc Size: 115KB - Virtual size: 115KB

.reloc Size: 1024B - Virtual size: 924B

.text
Size: 409KB - Virtual size: 408KB

.rdata
Size: 142KB - Virtual size: 142KB

.data
Size: 157KB - Virtual size: 1.5MB

.rsrc
Size: 115KB - Virtual size: 115KB

.reloc
Size: 1024B - Virtual size: 924B