29f7d0099916fc0e9bed5564ff697c6f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

29f7d0099916fc0e9bed5564ff697c6f_JaffaCakes118
Size

230KB
MD5

29f7d0099916fc0e9bed5564ff697c6f
SHA1

591777b0265d1739168ce67745b2dfa037826c63
SHA256

099514e8618b357f65aa1ef5330dc5b45d0db9a2e2d61c774a3a54f57e897185
SHA512

fc040466c6e3b1c2770a2557e91b078e868075288504519e03a31cb3d5172679e976c88dd84b8288e41a47a27b892c83a7b2a4ce635358acf8be010565882e12
SSDEEP

3072:TulDs1gRQdNt+PXT1ujBs32Ni6lkZWt4k6sc4gSagQ:T4s1AQvt+/MBy2NxlpLbgXd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
29f7d0099916fc0e9bed5564ff697c6f_JaffaCakes118

Files

29f7d0099916fc0e9bed5564ff697c6f_JaffaCakes118
.exe windows:4 windows x86 arch:x86

34f5325f83913c8ffacaad12eb979bd1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

inet_addr
connect
WSACleanup
WSAStartup
setsockopt
ioctlsocket
htons
bind
listen
accept
recv
closesocket
socket
send
select
__WSAFDIsSet

kernel32

MapViewOfFile
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetEndOfFile
SetConsoleCtrlHandler
FlushFileBuffers
SetStdHandle
GetStringTypeW
GetStringTypeA
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
Sleep
GetLastError
CreateThread
GetModuleFileNameA
ExitThread
LeaveCriticalSection
EnterCriticalSection
GetTickCount
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetLocalTime
ExitProcess
CreateProcessA
CloseHandle
WriteFile
CreateFileA
GetSystemDirectoryA
GetTimeFormatA
GetDateFormatA
GetFileSize
GetFileAttributesA
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
FindNextFileA
FindFirstFileA
ReadFile
SetFilePointer
DeleteFileA
OpenProcess
GetCurrentProcessId
CopyFileA
SetFileAttributesA
GetModuleHandleA
WaitForSingleObject
CreateMutexA
TerminateThread
GetTempPathA
MoveFileA
LoadLibraryA
GetProcAddress
FormatMessageA
GlobalUnlock
GlobalLock
UnmapViewOfFile
CreateFileMappingA
SetFileTime
GetFileTime
ExpandEnvironmentStringsA
WideCharToMultiByte
MultiByteToWideChar
GetComputerNameA
GetCurrentProcess
TerminateProcess
lstrcmpiA
GetLocaleInfoA
GetVersionExA
GetLogicalDrives
WaitForMultipleObjects
CreatePipe
DuplicateHandle
GenerateConsoleCtrlEvent
QueryPerformanceCounter
QueryPerformanceFrequency
GlobalMemoryStatus
HeapAlloc
HeapFree
RtlUnwind
HeapReAlloc
GetTimeZoneInformation
GetSystemTime
GetStartupInfoA
GetCommandLineA
GetVersion
RaiseException
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
HeapSize
GetCPInfo
GetACP
GetOEMCP
LCMapStringA
LCMapStringW
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings

Sections

.text
Size: 146KB - Virtual size: 146KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 53KB - Virtual size: 425KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 19KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

34f5325f83913c8ffacaad12eb979bd1

Headers

File Characteristics

Imports

ws2_32

kernel32

Sections

.text Size: 146KB - Virtual size: 146KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 53KB - Virtual size: 425KB

.idata Size: 4KB - Virtual size: 3KB

.reloc Size: 19KB - Virtual size: 40KB

.text
Size: 146KB - Virtual size: 146KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 53KB - Virtual size: 425KB

.idata
Size: 4KB - Virtual size: 3KB

.reloc
Size: 19KB - Virtual size: 40KB