372699857452c763e47e5b5a8f749470_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

372699857452c763e47e5b5a8f749470_JaffaCakes118
Size

549KB
MD5

372699857452c763e47e5b5a8f749470
SHA1

b8b4858e74302cbf4cc9d06a8966d8e98c97276b
SHA256

7448693cd4d150ef90769cd6d31c2439726199c4eaa01bded0f0a2d2b8dec6b9
SHA512

91d242c36501a28faaead81218b0a039c2f1e75eaad72e91cc265341a5f7bc1b3e238cfc7444df258301b19a7892625b31da64929c99864605f888c52340b0df
SSDEEP

6144:H3P1v//oJbdk/4yDDF6njHCJAjaoc+45N:XP1v/UhkNn6icHE5N

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
372699857452c763e47e5b5a8f749470_JaffaCakes118

Files

372699857452c763e47e5b5a8f749470_JaffaCakes118
.exe windows:4 windows x86 arch:x86

2b73703c86346de8d70a6922c1b29dc7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

WSASocketW
recv
shutdown
ntohl
WSAAsyncGetHostByName
WSACleanup
WSAUnhookBlockingHook
getprotobyname
inet_addr

gdi32

SetWinMetaFileBits
AddFontResourceA

kernel32

UnmapViewOfFile
VirtualProtect
EndUpdateResourceA
CreateFileW
LCMapStringA
ReadFile
GlobalFindAtomW
SetEndOfFile
GetLocaleInfoW
PrepareTape
SwitchToFiber
GetFullPathNameA
GetACP
ConnectNamedPipe
WriteFile
LoadLibraryExW
PulseEvent
LocalSize
GetShortPathNameA
GetDateFormatA
GetCommState
GlobalDeleteAtom
GetCurrentDirectoryW
VirtualUnlock
OutputDebugStringA
DosDateTimeToFileTime
_hread
SetHandleCount
EnumDateFormatsW
lstrcatW
GetLongPathNameA
SetProcessAffinityMask
lstrcpyA
GetLargestConsoleWindowSize
FindResourceExA
FlushFileBuffers
GetUserDefaultLangID
ExitProcess
IsBadReadPtr
MultiByteToWideChar
GetTempPathW
GetProcessHeap

user32

CharLowerBuffA
GetAsyncKeyState
LoadCursorA
MapVirtualKeyW
RegisterClipboardFormatA
GetClassInfoW
GetDlgItemTextW
LoadCursorFromFileW

shell32

SHAddToRecentDocs
SHGetSpecialFolderPathA

comdlg32

PageSetupDlgW
GetFileTitleW

advapi32

GetSidLengthRequired
AdjustTokenPrivileges
RevertToSelf
LookupPrivilegeValueA
CryptAcquireContextW
CreateServiceA
SetTokenInformation
OpenProcessToken
RegQueryValueW
AddAccessDeniedAce
RegisterServiceCtrlHandlerA
SetSecurityDescriptorSacl
CryptHashData
RegCreateKeyExA
GetSecurityDescriptorOwner
AbortSystemShutdownW
RegCloseKey

Sections

.text
Size: 303KB - Virtual size: 302KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 225KB - Virtual size: 224KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2b73703c86346de8d70a6922c1b29dc7

Headers

File Characteristics

Imports

ws2_32

gdi32

kernel32

user32

shell32

comdlg32

advapi32

Sections

.text Size: 303KB - Virtual size: 302KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 225KB - Virtual size: 224KB

.rsrc Size: 16KB - Virtual size: 16KB

.text
Size: 303KB - Virtual size: 302KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 225KB - Virtual size: 224KB

.rsrc
Size: 16KB - Virtual size: 16KB