46014d6929be91703163dea3ecb05699_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

46014d6929be91703163dea3ecb05699_JaffaCakes118
Size

348KB
MD5

46014d6929be91703163dea3ecb05699
SHA1

ef653e5e405343de0fd777c42c4d43baef11d554
SHA256

1dd68afa73e57e1411d69dc1962af3122849085c8f380406be0d565f0f665781
SHA512

197f33f392b1d887baf19cddf9a3b0523d6f0fb03c662fe91a2cef5f376383acbd952775bc05080ae673e5341d60428d4854818a30a7488cdaf2857bd6069980
SSDEEP

6144:LP4Sbfo/pEs9n9+F6EuDNA2ZEM4X0ZG1sF9YLUmaJrOqvY/Bncj+bKdn:LBbfoz9FZGOib

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
46014d6929be91703163dea3ecb05699_JaffaCakes118

Files

46014d6929be91703163dea3ecb05699_JaffaCakes118
.exe windows:4 windows x86 arch:x86

4df863cea3493b10ec0ee710edc488ee

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapAlloc
GetProcessHeap
HeapFree
HeapSize
HeapReAlloc
GetModuleFileNameA
GetCurrentThreadId
FileTimeToSystemTime
GetProcAddress
LoadLibraryA
SetEvent
CompareFileTime
GetComputerNameA
WaitForSingleObject
ResetEvent
CreateEventA
ExitProcess
CreateMutexA
OpenEventA
FreeConsole
GetLocalTime
GetCurrentProcessId
SetConsoleCtrlHandler
GetFullPathNameA
GetFileTime
MultiByteToWideChar
SetLastError
DeleteCriticalSection
WideCharToMultiByte
LocalFree
lstrlenA
FormatMessageA
GetVersionExA
lstrcpyA
FindFirstFileA
FileTimeToLocalFileTime
FindNextFileA
GetFileAttributesExA
FlushFileBuffers
DeleteFileA
SystemTimeToFileTime
GetSystemTime
GetFileSize
Sleep
CloseHandle
EnterCriticalSection
LeaveCriticalSection
SetFilePointer
WriteFile
InitializeCriticalSection
CreateFileA
GetLastError
FreeLibrary
ReadFile
SetEndOfFile
SetStdHandle
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetOEMCP
GetACP
GetCPInfo
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetModuleHandleA
InterlockedDecrement
InterlockedIncrement
RtlUnwind
ResumeThread
CreateThread
TlsSetValue
TlsGetValue
ExitThread
TerminateProcess
GetCurrentProcess
GetCommandLineA
GetVersion
TlsAlloc

user32

MessageBoxA

advapi32

SetServiceStatus
RegisterServiceCtrlHandlerA
StartServiceCtrlDispatcherA
RegDeleteValueA
OpenServiceA
ControlService
QueryServiceStatus
DeleteService
RegOpenKeyA
OpenSCManagerA
CreateServiceA
CloseServiceHandle
StartServiceA
RegOpenKeyExA
RegCreateKeyExA
RegQueryValueExA
RegSetValueExA
RegCloseKey
RegEnumKeyExA

wsock32

htonl
shutdown
setsockopt
send
recv
accept
getsockname
listen
socket
inet_ntoa
bind
connect
select
__WSAFDIsSet
ioctlsocket
gethostbyname
WSAGetLastError
htons
WSAStartup
ntohs
closesocket
inet_addr

wininet

InternetFindNextFileA
InternetReadFile
FtpOpenFileA
InternetCloseHandle
InternetGetLastResponseInfoA
FtpFindFirstFileA
InternetConnectA
InternetOpenA

iphlpapi

GetIfTable
GetIpAddrTable

Sections

.text
Size: 216KB - Virtual size: 215KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 112KB - Virtual size: 708KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4df863cea3493b10ec0ee710edc488ee

Headers

File Characteristics

Imports

kernel32

user32

advapi32

wsock32

wininet

iphlpapi

Sections

.text Size: 216KB - Virtual size: 215KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 112KB - Virtual size: 708KB

.rsrc Size: 4KB - Virtual size: 1KB

.text
Size: 216KB - Virtual size: 215KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 112KB - Virtual size: 708KB

.rsrc
Size: 4KB - Virtual size: 1KB