3a55f73734517532484d1a0108dfa681_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3a55f73734517532484d1a0108dfa681_JaffaCakes118
Size

128KB
MD5

3a55f73734517532484d1a0108dfa681
SHA1

0a52c8c7c6a7794ebbfb1a1e8a0d2d682ba4df2f
SHA256

79ca46c0f9b5627ea8111d507ceaefe825f61ab7778d28a70bf341b091569d61
SHA512

cb0b2efec4da11370d431efd5227d9b1627c4c027049b4f4c0fb14e2e2eb8ac4a8fc1e5523b3e8620ec8de2ec0d587673cc0bcd426d86e7f092bae9210ccd950
SSDEEP

3072:jYc9dgfO+IRxBqtJ8NNGhclFkdP4mmnDjo09DtaK:jH/gc5ihclFkdAJT9M

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3a55f73734517532484d1a0108dfa681_JaffaCakes118

Files

3a55f73734517532484d1a0108dfa681_JaffaCakes118
.exe windows:4 windows x86 arch:x86

5c2700b90bf71b17ff9ae6fb0a8963ff

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

netapi32

NetApiBufferFree
NetServerEnum

ws2_32

gethostname
WSAStartup
inet_ntoa
gethostbyname

mpr

WNetAddConnection2W
WNetCancelConnection2W

kernel32

CreateFileW
FreeLibrary
LocalFree
WriteFile
GetStdHandle
FormatMessageA
LoadLibraryExW
LockResource
SizeofResource
LoadResource
FindResourceW
DeleteFileW
GetSystemDirectoryW
GetComputerNameW
TerminateThread
WaitForSingleObject
MultiByteToWideChar
GetCurrentProcess
GetVersion
GetModuleFileNameW
SetEvent
GetFileAttributesW
CloseHandle
ReadConsoleW
ReadFile
GetFileTime
SetFileAttributesW
CopyFileW
WaitForMultipleObjects
SetConsoleTitleW
DuplicateHandle
GetCurrentProcessId
TransactNamedPipe
SetNamedPipeHandleState
SetConsoleCtrlHandler
CreateEventW
GetExitCodeProcess
ResumeThread
SetProcessAffinityMask
GetEnvironmentVariableW
GetProcAddress
LoadLibraryW
GetFullPathNameW
GetCommandLineW
GetTickCount
Sleep
SetLastError
GetLastError
GetStringTypeA
GetStringTypeW
LoadLibraryA
SetEndOfFile
GetACP
GetOEMCP
DisconnectNamedPipe
HeapAlloc
HeapFree
EnterCriticalSection
LeaveCriticalSection
InterlockedDecrement
InterlockedIncrement
CreateThread
GetCurrentThreadId
TlsSetValue
ExitThread
ReadConsoleInputA
SetConsoleMode
GetConsoleMode
RtlUnwind
ExitProcess
TerminateProcess
HeapDestroy
HeapCreate
VirtualFree
InitializeCriticalSection
DeleteCriticalSection
VirtualAlloc
HeapReAlloc
SetHandleCount
GetFileType
GetStartupInfoA
TlsAlloc
TlsGetValue
UnhandledExceptionFilter
CreateFileA
FlushFileBuffers
WideCharToMultiByte
LCMapStringA
LCMapStringW
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetEnvironmentStrings
GetCommandLineA
GetModuleFileNameA
SetFilePointer
SetStdHandle
GetCPInfo

advapi32

QueryServiceStatus
CreateProcessAsUserW
OpenProcessToken
DeleteService
ControlService
OpenSCManagerW
OpenServiceW
StartServiceW
CreateServiceW
CloseServiceHandle
AllocateAndInitializeSid
GetTokenInformation
FreeSid
LsaOpenPolicy
LsaEnumerateAccountRights
LsaClose
LookupPrivilegeValueW
LsaFreeMemory

Sections

.text
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 187KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 56KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5c2700b90bf71b17ff9ae6fb0a8963ff

Headers

File Characteristics

Imports

version

netapi32

ws2_32

mpr

kernel32

advapi32

Sections

.text Size: 44KB - Virtual size: 43KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 16KB - Virtual size: 187KB

.rsrc Size: 56KB - Virtual size: 53KB

.text
Size: 44KB - Virtual size: 43KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 16KB - Virtual size: 187KB

.rsrc
Size: 56KB - Virtual size: 53KB