42b52c59829129889036a6779b0e60f7_JaffaCakes118

General

Target

42b52c59829129889036a6779b0e60f7_JaffaCakes118
Size

668KB
MD5

42b52c59829129889036a6779b0e60f7
SHA1

a783658c69381261c370eb23663adf7fa46f815d
SHA256

f5255f79e4dca8ac76171474bfb260c28ef6130e6911d4554201262ad6bd4499
SHA512

b4e1b0a25c82583605a9978fab6866eab053e5ceba41535ee779e0e0a2a7320cbcd2fd2ff1fe793f47ffdbf05e2ac39fcd5ee6f3d332b0ee219114cf20cb97ce
SSDEEP

6144:9PCtczqDi6Ry42FJbakW3T+gRBCkmhp8yv7nmwAn69FTrhbVpqynUp5rMrO/Ukl:96uoy4+bak0XRBrLxu3rXpre1cml

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
42b52c59829129889036a6779b0e60f7_JaffaCakes118

Files

42b52c59829129889036a6779b0e60f7_JaffaCakes118
.exe windows:4 windows x86 arch:x86

d15371ae11543c38cff49b716302b3c3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

sendto
closesocket
WSAEnumNameSpaceProvidersA
WSARecv
WSAAddressToStringW
getservbyname
WSAEnumProtocolsW
WSANtohs
WSADuplicateSocketA
WSASetBlockingHook

user32

WaitForInputIdle
GrayStringW
ShowOwnedPopups
MessageBoxExA
LoadKeyboardLayoutW
EndPaint
DrawCaption
EnumWindowStationsA
TrackPopupMenuEx
LoadCursorW
SetWindowTextW
CreatePopupMenu
SetClassLongW
PostThreadMessageW
MessageBoxIndirectW
TranslateAcceleratorA
DialogBoxParamA
FindWindowExW
RegisterWindowMessageW
LoadImageW
RegisterDeviceNotificationW
FlashWindowEx
CreateWindowExW
IsWindowUnicode

kernel32

SetProcessShutdownParameters
GlobalUnlock
GetSystemInfo
SwitchToFiber
CreateMutexA
IsProcessorFeaturePresent
LoadResource
CopyFileExW
GetComputerNameW
MoveFileW
GetHandleInformation
SetConsoleWindowInfo
SetupComm
SetThreadAffinityMask
GetBinaryTypeW
SetThreadPriorityBoost
FlushFileBuffers
FindCloseChangeNotification
WritePrivateProfileStructA
FormatMessageW
EnumSystemCodePagesW
CreateIoCompletionPort
PeekConsoleInputW
GlobalReAlloc
SetConsoleTitleA
ExitProcess

gdi32

GetTextExtentPoint32A
StretchBlt

oleaut32

VariantChangeType
SafeArrayGetLBound
SysFreeString

Sections

.text
Size: 322KB - Virtual size: 322KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 309KB - Virtual size: 308KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d15371ae11543c38cff49b716302b3c3

Headers

File Characteristics

Imports

ws2_32

user32

kernel32

gdi32

oleaut32

Sections

.text Size: 322KB - Virtual size: 322KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 309KB - Virtual size: 308KB

.rsrc Size: 32KB - Virtual size: 31KB

.text
Size: 322KB - Virtual size: 322KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 309KB - Virtual size: 308KB

.rsrc
Size: 32KB - Virtual size: 31KB