dded937a683c71ea3251bacd51ce1fd8_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

dded937a683c71ea3251bacd51ce1fd8_JaffaCakes118
Size

172KB
MD5

dded937a683c71ea3251bacd51ce1fd8
SHA1

686c7625f72a5d63e2957cb13c059dfccf01672c
SHA256

9f557ec2d82003805bb4ff078bf5943251305505f2094d3fca08d291f7db93dc
SHA512

089509167709e71f927b3613a80e46f0f6d77c6980e478e0a9ef3f980538f8e2ae8ca1eac3a930963d7927bc69456b47bf7666f4086525f35c1ee30ada37a0ae
SSDEEP

3072:MO+EbyrLhacuvKlQDCRNpQK5B5TtzXJcGXTWDH4guf9:MW+NQK5B5xXJcEeH0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dded937a683c71ea3251bacd51ce1fd8_JaffaCakes118

Files

dded937a683c71ea3251bacd51ce1fd8_JaffaCakes118
.exe windows:4 windows x86 arch:x86

3403a2583c711a844bd2563db0d0ade2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WaitForSingleObject
CloseHandle
CreateFileA
WriteFile
SetFilePointer
lstrlenA
ExitProcess
GetWindowsDirectoryA
GetLastError
GetModuleHandleA
GetSystemDefaultUILanguage
GlobalMemoryStatusEx
GetSystemInfo
CreateThread
GetCurrentThread
SetThreadPriority
SetPriorityClass
GetEnvironmentVariableA
GetShortPathNameA
GetModuleFileNameA
GetCurrentProcess
SetProcessWorkingSetSize
Sleep
ExitThread
OutputDebugStringA
GetTickCount
GetProcAddress
LoadLibraryA
HeapFree
GetProcessHeap
HeapAlloc
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
FlushFileBuffers
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
MultiByteToWideChar
GetConsoleMode
GetConsoleCP
GetCommandLineA
GetVersionExA
GetStartupInfoA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapDestroy
HeapCreate
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapSize
GetStdHandle
RaiseException
InitializeCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
RtlUnwind
GetCPInfo
GetACP
GetOEMCP

user32

wsprintfA

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyExA
StartServiceCtrlDispatcherA

shell32

SHChangeNotify
ShellExecuteExA

ws2_32

shutdown
recv
send
setsockopt
WSASocketA
select
closesocket
sendto
socket
htonl
htons
gethostbyname
inet_addr
__WSAFDIsSet
WSAStartup
connect

iphlpapi

GetIfTable

Sections

.text
Size: 72KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rmnet
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

3403a2583c711a844bd2563db0d0ade2

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ws2_32

iphlpapi

Sections

.text Size: 72KB - Virtual size: 68KB

.rdata Size: 16KB - Virtual size: 13KB

.data Size: 8KB - Virtual size: 13KB

.rsrc Size: 12KB - Virtual size: 9KB

.rmnet Size: 60KB - Virtual size: 60KB

.text
Size: 72KB - Virtual size: 68KB

.rdata
Size: 16KB - Virtual size: 13KB

.data
Size: 8KB - Virtual size: 13KB

.rsrc
Size: 12KB - Virtual size: 9KB

.rmnet
Size: 60KB - Virtual size: 60KB