JaffaCakes118_854e979229e9aee9c65b96629b158ba1

General

Target

JaffaCakes118_854e979229e9aee9c65b96629b158ba1
Size

148KB
MD5

854e979229e9aee9c65b96629b158ba1
SHA1

35fc30644f6d1f973c9e4342c41bc684150e0658
SHA256

a687ca111cf0b5d9d1a54c0cb34cd64fbf3f6a148b735d2d0b6fb68ec5bb4847
SHA512

9d573e5459e119f2037ad6d56b3e6cabdb45d454aedf7b842b2016d0e4c40f36a3db7ee7ef22c0756f3891f7a4badd047f8889172fb4aea16874f91a7006f95a
SSDEEP

3072:h+ZnUjEWv2KoRZ2jzcjlzLRo/Yz1yzHNoWwVoB:hKUjE1ezui/YItoTeB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_854e979229e9aee9c65b96629b158ba1

Files

JaffaCakes118_854e979229e9aee9c65b96629b158ba1
.exe windows:4 windows x86 arch:x86

f0e9ae7b8dbcc1a751c9b710b2fad61a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetStringTypeA
LoadLibraryA
GetModuleFileNameA
GetThreadLocale
WideCharToMultiByte
GlobalAlloc
GetLastError
WriteFile
VirtualFree
VirtualAlloc
LCMapStringA
ReadFile
GetTimeZoneInformation
CreateProcessA
WaitForSingleObject
GetExitCodeProcess
GetCurrentDirectoryA
GetFullPathNameA
SetEnvironmentVariableW
FindFirstFileA
GetDriveTypeA
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
SetEndOfFile
LCMapStringW
HeapAlloc
HeapFree
ExitProcess
TerminateProcess
GetCurrentProcess
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
HeapDestroy
HeapCreate
SetStdHandle
UnhandledExceptionFilter
HeapReAlloc
GetProcAddress
GetStringTypeW
MultiByteToWideChar
CreateFileA
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetFileAttributesA
CloseHandle
GetCPInfo
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
CompareStringW
RtlUnwind
SetFilePointer
CompareStringA
SetEnvironmentVariableA
GetACP
GetOEMCP
FlushFileBuffers

user32

MessageBoxA

shell32

SHGetMalloc
SHGetSpecialFolderLocation
SHGetPathFromIDListA

wsock32

ioctlsocket
closesocket
WSAStartup
WSAGetLastError
socket
bind
getsockname
listen
ntohs
accept
recv

Sections

.text
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f0e9ae7b8dbcc1a751c9b710b2fad61a

Headers

File Characteristics

Imports

kernel32

user32

shell32

wsock32

Sections

.text Size: 44KB - Virtual size: 42KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 96KB - Virtual size: 96KB

.text
Size: 44KB - Virtual size: 42KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 96KB - Virtual size: 96KB