3a30e74dd589a4c4ba55b73e0d41bb51_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3a30e74dd589a4c4ba55b73e0d41bb51_JaffaCakes118
Size

168KB
MD5

3a30e74dd589a4c4ba55b73e0d41bb51
SHA1

5a3ef34b425c0bb9de1b6459f8dc2413e7327f4e
SHA256

012aef5d36225c8659c3a12b11e95a53bd14bd06b47562ef6e771cd7f05c89a7
SHA512

459893028defb081b9df6066f99e9c4e6cba8a0bc78876a6b545b1a5d52062c430934e5cf67954912159739f7e4d8cb24f629b8013af22b5508debc7f65ea896
SSDEEP

3072:/0y0oYeqgvvDDNty/9vsRokgSpH0PoiPrm66C70nAJSdwDhyvdZEOIzM9:/0a7vHH4vsvd+9Pr37uYS2D4LEOIzo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3a30e74dd589a4c4ba55b73e0d41bb51_JaffaCakes118

Files

3a30e74dd589a4c4ba55b73e0d41bb51_JaffaCakes118
.exe windows:4 windows x86 arch:x86

0ce9ec28d3cc63216f2a669189b340b0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

WSASocketA
WSAConnect
WSAWaitForMultipleEvents

dbghelp

SymEnumerateModules64
SymEnumTypes
SymEnumSymbols
SymEnumSym
SymEnumSourceFiles
SymCleanup
StackWalk
StackWalk64
SearchTreeForFile
MapDebugInformation
MakeSureDirectoryPathExists
ImageRvaToVa
ImageRvaToSection
ImageDirectoryEntryToDataEx
GetTimestampForLoadedLibrary
FindFileInSearchPath
FindFileInPath
FindDebugInfoFile
SymGetSymNext64
SymGetSymFromName
SymGetSearchPath
SymEnumerateModules
SymGetOptions
SymGetModuleInfoW
SymGetModuleInfoW64
SymGetModuleInfo
SymGetLinePrev
SymGetLinePrev64
SymGetLineFromAddr
SymGetLineFromAddr64
UnmapDebugInformation
SymUnloadModule
SymUnloadModule64
SymUnDName
SymUnDName64
SymSetSearchPath
SymSetOptions
SymSetContext
SymRegisterFunctionEntryCallback
SymRegisterFunctionEntryCallback64
SymFunctionTableAccess
SymMatchString
SymMatchFileName
SymLoadModule
SymGetTypeInfo
SymGetTypeFromName
SymGetSymPrev
SymEnumerateSymbols64
SymEnumerateSymbols
SymEnumerateSymbolsW64
SymEnumerateSymbolsW
SymGetSymNext

hlink

ord3
ord6
ord9
ord11
ord16
ord20
ord24
ord21
ord5
ord27
ord31

iphlpapi

IcmpSendEcho
IcmpCreateFile

imagehlp

BindImage
ImageEnumerateCertificates
ImageGetCertificateData
ImageGetCertificateHeader
ImageGetDigestStream
ImageUnload
MapAndLoad
MapFileAndCheckSumA
ReBaseImage
SetImageConfigInformation
SplitSymbols
UpdateDebugInfoFileEx
ImageLoad

msvcrt

fclose
fwrite
fputs
_onexit
__dllonexit
_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
_XcptFilter
_exit
??2@YAPAXI@Z
malloc
free
realloc
exit
fopen
fseek
atoi

kernel32

GetComputerNameA
SetEvent
WaitForSingleObject
GetStartupInfoA
GetModuleHandleA
CreateEventA
SetTapePosition

Sections

.text
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 44KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

0ce9ec28d3cc63216f2a669189b340b0

Headers

File Characteristics

Imports

ws2_32

dbghelp

hlink

iphlpapi

imagehlp

msvcrt

kernel32

Sections

.text Size: 36KB - Virtual size: 34KB

.rdata Size: 84KB - Virtual size: 83KB

.data Size: 44KB - Virtual size: 79KB

.text
Size: 36KB - Virtual size: 34KB

.rdata
Size: 84KB - Virtual size: 83KB

.data
Size: 44KB - Virtual size: 79KB