3ba3373e291f93f7ffc19a2b5c23f446_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3ba3373e291f93f7ffc19a2b5c23f446_JaffaCakes118
Size

34KB
MD5

3ba3373e291f93f7ffc19a2b5c23f446
SHA1

bb5f736dea9dd83f0e699e636ca2105a340f8952
SHA256

a7cd5e5c3b16c119e352c8dbbef7747a1757f01bda4fdc7609848038b5351ab1
SHA512

5faca24689c09f3ef788c07f754da762ebe11192a8f3a1ce4ed607c3d10c814dae2a70ce44f0c3c1ef82392f75401c3694cccbf7a5f42887c855706e0c5ebc07
SSDEEP

768:ZcWtfOSfHVE1vN9GDcF8K0kUSwajYjjNnP5uJcQVxorHQY7:yWtWSf1k/T0kNwKwjhP5EcOxobQY7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/s9me.exe

Files

3ba3373e291f93f7ffc19a2b5c23f446_JaffaCakes118
.lzh
readme.txt
s9me.exe
.exe windows:4 windows x86 arch:x86

63cfc717b0c0d4d3666abe7fadb6c130

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentDirectoryA
WritePrivateProfileStringA
OpenProcess
GetPrivateProfileStringA
WriteProcessMemory
CloseHandle
VirtualFree
Process32Next
Process32First
CreateToolhelp32Snapshot
VirtualAlloc
LCMapStringW
ReadProcessMemory
GetCPInfo
GetStringTypeW
GetStringTypeA
MultiByteToWideChar
RtlUnwind
HeapCreate
HeapDestroy
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetModuleFileNameA
UnhandledExceptionFilter
WriteFile
SetFilePointer
GetCurrentProcess
TerminateProcess
ReadFile
HeapAlloc
HeapFree
ExitProcess
GetVersion
GetCommandLineA
GetStartupInfoA
GetModuleHandleA
DeleteFileA
LoadLibraryA
GetProcAddress
GetOEMCP
GetACP
LCMapStringA
HeapReAlloc
GetLastError
CreateFileA
FlushFileBuffers
SetStdHandle
SetEndOfFile

user32

SendDlgItemMessageA
SetDlgItemTextA
DestroyWindow
PostQuitMessage
LoadImageA
LoadIconA
DialogBoxParamA
CreateDialogParamA
ShowWindow
UpdateWindow
LoadAcceleratorsA
GetMessageA
TranslateAcceleratorA
TranslateMessage
DispatchMessageA
IsDialogMessageA
wsprintfA
GetDC
ReleaseDC
SetFocus
EndDialog
SendMessageA
GetDlgItemTextA
MessageBoxA
GetMenu
EnableMenuItem
GetDlgItem
EnableWindow

gdi32

SetDIBitsToDevice

shell32

ShellExecuteA

wsock32

WSAAsyncSelect
closesocket
send
recv
socket
WSAGetLastError
WSAAsyncGetHostByName
WSAStartup
WSACleanup
shutdown
connect
htons

Sections

.text
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
s9me.ini

Sharing

General

Malware Config

Signatures

Files

63cfc717b0c0d4d3666abe7fadb6c130

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

wsock32

Sections

.text Size: 52KB - Virtual size: 51KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 8KB - Virtual size: 16KB

.rsrc Size: 12KB - Virtual size: 10KB

.text
Size: 52KB - Virtual size: 51KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 8KB - Virtual size: 16KB

.rsrc
Size: 12KB - Virtual size: 10KB