ed1b6d10b97cbd5536d88750fe2e78d7_JaffaCakes118

General

Target

ed1b6d10b97cbd5536d88750fe2e78d7_JaffaCakes118
Size

32KB
MD5

ed1b6d10b97cbd5536d88750fe2e78d7
SHA1

ef8049ec5cde28ee50ad22db27a68cb66f8f638b
SHA256

675b45cc1471949cd2020adccb8b81078b1d52440c3cef09bc106745ecaa30ac
SHA512

469a1ebeafb29496d3b2d1c0fd30f3bf52c325eb8a7197996013e25c8b2b832caf40e9400526e98ccb74ba9a178826c5d783d3121cdcd68d571e8198cc333f1a
SSDEEP

768:xtiVxp5pv8lQvJ7tlWSfxqWTnvRVBjA5yyA6:xtiV75ksVllJjA3A6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ed1b6d10b97cbd5536d88750fe2e78d7_JaffaCakes118

Files

ed1b6d10b97cbd5536d88750fe2e78d7_JaffaCakes118
.exe windows:1 windows x86 arch:x86

0e6d6e582cfe6c75c5001a73b561d84c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LocalAlloc
GetCurrentProcess
ExitThread
SetFilePointer
ResetEvent
ReadFile
CreateMutexA
LocalFree
GetModuleFileNameA
SetPriorityClass
SetEndOfFile
GetModuleHandleA
GetVersionExA
GetPrivateProfileStringA
GetProcAddress
ExitProcess
CopyFileA
LocalReAlloc
CreateProcessA
CloseHandle
WaitForSingleObject
Sleep
CreateThread
CreateFileA
GetLastError
SetCurrentDirectoryA
DeleteFileA
GetFileSize
WriteFile
WritePrivateProfileStringA
lstrcat
lstrcmpi
lstrlen
GetWindowsDirectoryA

advapi32

RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegDeleteValueA
RegCloseKey

user32

PeekMessageA
DispatchMessageA
TranslateMessage

ws2_32

socket
send
recvfrom
recv
inet_addr
gethostname
gethostbyname
connect
closesocket
bind
WSAStartup
sendto
WSAGetLastError
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent

Sections

.avp
Size: 15KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avp
Size: 9KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avp
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avp
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

0e6d6e582cfe6c75c5001a73b561d84c

Headers

File Characteristics

Imports

kernel32

advapi32

user32

ws2_32

Sections

.avp Size: 15KB - Virtual size: 20KB

.avp Size: 9KB - Virtual size: 28KB

.avp Size: 2KB - Virtual size: 4KB

.avp Size: 4KB - Virtual size: 12KB

.avp
Size: 15KB - Virtual size: 20KB

.avp
Size: 9KB - Virtual size: 28KB

.avp
Size: 2KB - Virtual size: 4KB

.avp
Size: 4KB - Virtual size: 12KB