44a657ca6b165587d688e7d92fd4af85_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

44a657ca6b165587d688e7d92fd4af85_JaffaCakes118
Size

184KB
MD5

44a657ca6b165587d688e7d92fd4af85
SHA1

5f9fdb64acd9818d44e9ea8f50fd349e6d4714ff
SHA256

69f96843be55fe66b2fad352266cf9c312c8b350d1e0ebd42e8c41d1c500a5ef
SHA512

7b6f15236b46e460f4675359f855a6e3fd4907801750ec3dc79488a6f5c9a6d43e0b28c69ba2f69bbea273a8a8bf79d7df87868c7fd87efb41382235009afc41
SSDEEP

3072:3TK9h6qWW22el6HpcAF8mJNV4LU7UFe4yDq7vCCYFttD1SC+ARXB4HMqW:Mch2el6F8mJ77dxDaAj1SORXByW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
44a657ca6b165587d688e7d92fd4af85_JaffaCakes118

Files

44a657ca6b165587d688e7d92fd4af85_JaffaCakes118
.exe windows:4 windows x86 arch:x86

9a1910e3271837b1cf7841daf254be44

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

inet_addr
ntohl
recv
send
getsockname
gethostbyname
sendto
socket
inet_ntoa
shutdown
gethostname
setsockopt
ioctlsocket
listen

sensapi

IsNetworkAlive

sisbkup

SisCreateBackupStructure
SisRestoredLink
SisCSFilesToBackupForLink
SisFreeBackupStructure

kernel32

TerminateProcess
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetLocaleInfoW
GetTimeZoneInformation
LCMapStringW
LCMapStringA
SetEndOfFile
SetConsoleCtrlHandler
GetOEMCP
GetACP
CreateFileA
GetStringTypeW
GetStringTypeA
SetStdHandle
IsBadCodePtr
IsBadReadPtr
GetVersionExA
GetUserDefaultLCID
EnumSystemLocalesA
GetLocaleInfoA
GetProfileStringW
VirtualProtect
lstrcmpA
GetComputerNameA
CreateProcessA
CloseHandle
GetStartupInfoA
GetLastError
DeleteFileA
CreateEventA
FileTimeToLocalFileTime
GetVersion
ExitProcess
MultiByteToWideChar
GetFileTime
GetModuleFileNameA
Sleep
GetTickCount
FreeLibrary
LoadLibraryA
GetProcAddress
EnterCriticalSection
InitializeCriticalSection
InterlockedExchange
DeleteCriticalSection
LeaveCriticalSection
InterlockedDecrement
InterlockedIncrement
RtlUnwind
GetModuleHandleA
GetCommandLineA
HeapFree
RaiseException
FatalAppExitA
GetCurrentProcess
HeapReAlloc
HeapAlloc
HeapSize
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetCurrentThread
WriteFile
ReadFile
SetFilePointer
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
HeapDestroy
HeapCreate
VirtualFree
FlushFileBuffers
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
GetCPInfo
IsValidLocale
IsValidCodePage

Sections

.text
Size: 76KB - Virtual size: 74KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 52KB - Virtual size: 486KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

9a1910e3271837b1cf7841daf254be44

Headers

File Characteristics

Imports

ws2_32

sensapi

sisbkup

kernel32

Sections

.text Size: 76KB - Virtual size: 74KB

.rdata Size: 52KB - Virtual size: 51KB

.data Size: 52KB - Virtual size: 486KB

.text
Size: 76KB - Virtual size: 74KB

.rdata
Size: 52KB - Virtual size: 51KB

.data
Size: 52KB - Virtual size: 486KB