12e7c58f5b326f21d2c15897130d655e_JaffaCakes118

General

Target

12e7c58f5b326f21d2c15897130d655e_JaffaCakes118
Size

208KB
MD5

12e7c58f5b326f21d2c15897130d655e
SHA1

fc3e7d620b723936348045d77d7bd2652edbc73a
SHA256

e842507cb7d1335ee6e68e154da44a0531bd7c7e1d333663142ebdcdc5b622f1
SHA512

946dd0aee85894dbc4a0cc8c128fa3db5a022b17da8ed6ecfc169f067d5808f2cca90552c187a702fecfeabd6c05e919b9d8937d51742703c05902e0875e74b2
SSDEEP

1536:upuIB/PXe3qpNO0RnZqjW/CRcE9NwkrgRBpRph8MNyL7pqVMvoIbe:2e3qFnZtEFrgRdphVNyZqVMvo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
12e7c58f5b326f21d2c15897130d655e_JaffaCakes118

Files

12e7c58f5b326f21d2c15897130d655e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

abb3ccd5ea73156f63332611f781db6e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

gethostbyname
socket
htons
connect
WSAGetLastError
closesocket
send
WSAStartup
WSACleanup

kernel32

IsBadReadPtr
IsBadWritePtr
LCMapStringW
LCMapStringA
IsBadCodePtr
SetUnhandledExceptionFilter
GetOEMCP
GetACP
GetCPInfo
GetCommandLineA
GetVersion
ExitProcess
RtlUnwind
GetLastError
CloseHandle
WriteFile
ReadFile
SetFilePointer
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DebugBreak
InterlockedDecrement
OutputDebugStringA
GetProcAddress
LoadLibraryA
InterlockedIncrement
GetModuleFileNameA
HeapReAlloc
VirtualAlloc
HeapValidate
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
HeapCreate
HeapFree
VirtualFree
FlushFileBuffers
SetStdHandle
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
SetConsoleCtrlHandler
HeapAlloc

Sections

.text
Size: 152KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PEPACK!!
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

abb3ccd5ea73156f63332611f781db6e

Headers

File Characteristics

Imports

wsock32

kernel32

Sections

.text Size: 152KB - Virtual size: 152KB

.rdata Size: 8KB - Virtual size: 8KB

.data Size: 16KB - Virtual size: 16KB

.idata Size: 4KB - Virtual size: 4KB

.reloc Size: 8KB - Virtual size: 8KB

PEPACK!! Size: 16KB - Virtual size: 16KB

.text
Size: 152KB - Virtual size: 152KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 16KB - Virtual size: 16KB

.idata
Size: 4KB - Virtual size: 4KB

.reloc
Size: 8KB - Virtual size: 8KB

PEPACK!!
Size: 16KB - Virtual size: 16KB