edbf31795cf6b08d124f78c6e51235c7_JaffaCakes118

General

Target

edbf31795cf6b08d124f78c6e51235c7_JaffaCakes118
Size

24KB
MD5

edbf31795cf6b08d124f78c6e51235c7
SHA1

759d531b075cb47a3330e7b8408cf1a9c676d278
SHA256

5c95c6b1a0cc197d12f92c12ab60c7d6f25802ae0bc2e676c537824588bc2ff4
SHA512

2d4e18d1d93d4ea591d38f397580234a6b91a8b4d2a36b8a36d166a715a1c3ce1ff9ff2df77c513acc0865815c4768a155c89e62aa220c01ec7d92a268a1fc94
SSDEEP

384:OJJ5quqTRNuXvgW48x09y5ikfZvrF1BhW/8AoWNitrCdqWoZDEWA:Kq77s948e9j+jF1BbAindm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
edbf31795cf6b08d124f78c6e51235c7_JaffaCakes118

Files

edbf31795cf6b08d124f78c6e51235c7_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f3df4521a32a9b6b488eef6f4b21cee8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FreeLibrary
Sleep
LocalAlloc
FindNextFileA
DeleteFileA
FindFirstFileA
VirtualFree
lstrlenA
VirtualAlloc
lstrcatA
GetEnvironmentVariableA
CreateProcessA
GetExitCodeThread
TerminateThread
VirtualProtect
CreateMutexA
CreateThread
CreateEventW
SetThreadPriority
WinExec
GetLastError
ReadFile
SetFilePointer
lstrcmpA
GetSystemDirectoryA
LocalFree
MultiByteToWideChar
GetVersionExA
LoadLibraryA
GetModuleHandleW
lstrcpyA
WaitForSingleObject
SetEvent
ResetEvent
GetProcAddress
GetModuleFileNameA
GetTempPathA
CreateFileA
WriteFile
CloseHandle

user32

CharUpperA
wsprintfA
CharLowerA

advapi32

DeleteService
ControlService
OpenSCManagerA
CreateServiceA
StartServiceA
CloseServiceHandle
RegQueryValueExA
RegOpenKeyA
RegCloseKey
RegOpenKeyExA
OpenServiceA

ws2_32

WSACleanup
closesocket
connect
socket
WSAStartup
recv
send

urlmon

URLDownloadToFileA

dnsapi

DnsQuery_W
DnsRecordListFree

Exports

Exports

LpkDllInitialize
LpkDrawTextEx
LpkEditControl
LpkExtTextOut
LpkGetCharacterPlacement
LpkGetTextExtentExPoint
LpkInitialize
LpkPSMTextOut
LpkTabbedTextOut
LpkUseGDIWidthCache
ftsWordBreak

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 1022B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f3df4521a32a9b6b488eef6f4b21cee8

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ws2_32

urlmon

dnsapi

Exports

Exports

Sections

.text Size: 8KB - Virtual size: 7KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 4KB

.reloc Size: 1024B - Virtual size: 1022B

.text
Size: 8KB - Virtual size: 7KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 4KB

.reloc
Size: 1024B - Virtual size: 1022B