16a1bf8d89ecf9a5e7be3cadeaf03bd0_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

16a1bf8d89ecf9a5e7be3cadeaf03bd0_JaffaCakes118
Size

35KB
MD5

16a1bf8d89ecf9a5e7be3cadeaf03bd0
SHA1

6533cda2d54b2f457cacf0f55911dc548e7feaf1
SHA256

ab32bc525dfc2eb2666fe7c94b3ffab78c53b150f5cc16c6f9512e25d7a82e9d
SHA512

0389d26a693bf090e16a8a98da9ae72eca96cd06a08262c04390abbd47455b521610f20b418b90a1cdcc665381188d9de21bf46545bd7886f6d6b5c8c1c61cbd
SSDEEP

768:0G9w6tf4uLV6hAl+R49XbR0mOe0A+Z8Zyp4ChsIx2VI2vgs:1fLaUn9Lqref+ZKAhs2II2gs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/6823d724b0e29d4a27f48c1aac5ac92b4d4e908065db783b1955c99694e16c7d.exe

Files

16a1bf8d89ecf9a5e7be3cadeaf03bd0_JaffaCakes118
.zip
6823d724b0e29d4a27f48c1aac5ac92b4d4e908065db783b1955c99694e16c7d.exe
.exe windows:4 windows x86 arch:x86

359c92afff74cedd9d095f7b78e21d78

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\work\qigu\Alexacn\output\HoldProcess.pdb

Imports

kernel32

GetSystemTime
GetTickCount
CloseHandle
GetVersionExA
DeviceIoControl
CreateFileA
WaitForSingleObject
ReleaseMutex
GetLastError
CreateMutexA
SetStdHandle
SystemTimeToFileTime
GetOEMCP
GetACP
GetStringTypeW
GetStringTypeA
GetSystemInfo
VirtualProtect
GetCPInfo
GetLocaleInfoA
SetFilePointer
VirtualQuery
InterlockedExchange
IsBadCodePtr
IsBadReadPtr
IsBadWritePtr
lstrlenA
FreeLibrary
LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetStdHandle
WriteFile
LCMapStringW
MultiByteToWideChar
FlushFileBuffers
RtlUnwind
ExitProcess
RaiseException
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
HeapAlloc
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
HeapReAlloc
TerminateProcess
GetCurrentProcess
HeapSize
HeapFree
SetUnhandledExceptionFilter
LCMapStringA
WideCharToMultiByte

user32

LoadAcceleratorsA
EndDialog
DialogBoxParamA
PostQuitMessage
DestroyWindow
DefWindowProcA
RegisterClassExA
LoadCursorA
DispatchMessageA
TranslateMessage
TranslateAcceleratorA
GetMessageA
UpdateWindow
ShowWindow
CreateWindowExA

advapi32

RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExA

iphlpapi

GetAdaptersInfo

ws2_32

inet_ntoa
htons
gethostbyname
WSAStartup
WSACleanup
closesocket
bind
setsockopt
socket
sendto
inet_addr

Sections

.text
Size: 48KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

359c92afff74cedd9d095f7b78e21d78

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

iphlpapi

ws2_32

Sections

.text Size: 48KB - Virtual size: 46KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 4KB - Virtual size: 80KB

.text
Size: 48KB - Virtual size: 46KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 4KB - Virtual size: 80KB