545361c6264899317892d4bd32b01553_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

545361c6264899317892d4bd32b01553_JaffaCakes118
Size

48KB
MD5

545361c6264899317892d4bd32b01553
SHA1

87767ad1bdd82d5b2965f317485824567923442c
SHA256

b9db40919e9ffaf24f8431b54fc03b278106a1b2d64c90611a889022b9aec73f
SHA512

4b47285698c8e06bc61e6ad7b96dc03963a22b7bcc8062eae12bc59594dc417d721a67ef36e6c2466984ac4dad72e174db13d0c1c0e99cd80f48c3a06ff7d0b7
SSDEEP

768:cX9StHSwE8YyaPSpD5aWgwKeEapOvT+Rrm4y2+P+zwBWhSoQiD:cXlwuPID5aNwKvaovT6Fs+3HD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
545361c6264899317892d4bd32b01553_JaffaCakes118

Files

545361c6264899317892d4bd32b01553_JaffaCakes118
.exe windows:4 windows x86 arch:x86

ca49b7dfab23ed03a8d1213feb043ad9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

g:\Vs2003\subaru\subaru_bin\subaru.pdb

Imports

kernel32

DeleteFileA
CreateDirectoryA
GetSystemDirectoryA
ExitProcess
GetExitCodeProcess
GetCurrentProcess
TerminateProcess
CreateFileA
Sleep
GetSystemDefaultLangID
GetVersionExA
CreateThread
GetLastError
HeapSize
LCMapStringW
WriteFile
CloseHandle
GlobalFree
CreateProcessA
LCMapStringA
GetSystemInfo
VirtualProtect
GetLocaleInfoA
SetStdHandle
GetCPInfo
GetOEMCP
GetACP
GetStringTypeW
MultiByteToWideChar
GetStringTypeA
VirtualQuery
InterlockedExchange
LoadLibraryA
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
SetFilePointer
GetFileType
SetHandleCount
RtlUnwind
HeapAlloc
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
HeapFree
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
IsBadWritePtr
GetProcAddress
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
FlushFileBuffers

user32

wsprintfA

advapi32

RegSetValueExA
RegCloseKey
RegCreateKeyA

wininet

InternetCloseHandle
HttpQueryInfoA
InternetOpenA
InternetConnectA
HttpOpenRequestA
HttpSendRequestA
InternetReadFile

ws2_32

inet_ntoa
gethostbyname
gethostname
WSAStartup
WSACleanup

iphlpapi

GetAdaptersInfo

Sections

.text
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ca49b7dfab23ed03a8d1213feb043ad9

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

wininet

ws2_32

iphlpapi

Sections

.text Size: 32KB - Virtual size: 29KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 4KB - Virtual size: 7KB

.text
Size: 32KB - Virtual size: 29KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 4KB - Virtual size: 7KB