371004c773d7a97472a8477b0e320b2a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

371004c773d7a97472a8477b0e320b2a_JaffaCakes118
Size

63KB
MD5

371004c773d7a97472a8477b0e320b2a
SHA1

60f59b6dff6c279786bf83359640d5bf1e07d756
SHA256

f3d15f2a37d4e2c7b7e4a3a64126017e4a30e743d72ae93ae804a3d93c38b395
SHA512

a17eb056890dea400cf3427972866620c760f50cf27ba0cd7ad415615ef9bda6ef2d5315e392064981d324370c30b3bae2693d9a05fcdea1a7f14711b442e030
SSDEEP

1536:I94WOe898mlA8JkuPHZyUV4ZzBZel9GDTipSe/:b2snr763el9GDTip7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
371004c773d7a97472a8477b0e320b2a_JaffaCakes118

Files

371004c773d7a97472a8477b0e320b2a_JaffaCakes118
.exe windows:5 windows x86 arch:x86

936959b17018a906f5467c4480528c63

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

ioctlsocket
connect
WSAStartup
select
WSAGetLastError
htons
setsockopt
WSACleanup
recv
socket
__WSAFDIsSet
closesocket
gethostbyname
send

wininet

InternetCloseHandle
InternetOpenA
InternetReadFile
InternetOpenUrlA

shlwapi

PathCombineA
PathFileExistsA
PathFindFileNameA
PathFindExtensionA

kernel32

RtlUnwind
LoadLibraryW
GetConsoleMode
GetConsoleCP
SetFilePointer
GetStringTypeW
MultiByteToWideChar
LCMapStringW
EnterCriticalSection
LeaveCriticalSection
HeapSize
GetSystemTimeAsFileTime
AllocConsole
GetConsoleWindow
GetStdHandle
WriteConsoleA
ExitProcess
GetLocaleInfoA
HeapReAlloc
Sleep
GetStartupInfoA
CloseHandle
GetTempPathA
CreateThread
CreateFileA
WriteFile
CreateProcessA
GetLastError
CopyFileA
SetFileAttributesA
GetModuleFileNameA
WaitForSingleObject
CreateMutexA
GetProcAddress
GetSystemInfo
GetModuleHandleA
GetVersionExA
GetLogicalDrives
GetDriveTypeA
GetVolumeInformationA
CreateDirectoryA
DeleteFileA
GetCurrentProcessId
QueryPerformanceCounter
SetStdHandle
WriteConsoleW
CreateFileW
GetTickCount
FlushFileBuffers
HeapCreate
DeleteCriticalSection
GetFileType
GetCommandLineA
HeapSetInformation
GetStartupInfoW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EncodePointer
DecodePointer
TerminateProcess
GetCurrentProcess
HeapFree
HeapAlloc
RaiseException
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
SetLastError
GetCurrentThreadId
IsProcessorFeaturePresent
GetModuleFileNameW
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount

user32

GetSystemMetrics

advapi32

RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
RegCloseKey

shell32

ShellExecuteA
DoEnvironmentSubstA

Sections

.text
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.config
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 832B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

936959b17018a906f5467c4480528c63

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

wininet

shlwapi

kernel32

user32

advapi32

shell32

Sections

.text Size: 39KB - Virtual size: 38KB

.rdata Size: 14KB - Virtual size: 13KB

.data Size: 4KB - Virtual size: 44KB

.config Size: 4KB - Virtual size: 4KB

.rsrc Size: 1024B - Virtual size: 832B

.text
Size: 39KB - Virtual size: 38KB

.rdata
Size: 14KB - Virtual size: 13KB

.data
Size: 4KB - Virtual size: 44KB

.config
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 1024B - Virtual size: 832B