f3728017bcbbdf3d7a89975fba4c8232_JaffaCakes118

General

Target

f3728017bcbbdf3d7a89975fba4c8232_JaffaCakes118
Size

36KB
MD5

f3728017bcbbdf3d7a89975fba4c8232
SHA1

6b16ee93fe1cc1189b55d8f1bc6b3a7410b8f3ff
SHA256

dbc5a143e9c9a63aaf7968d4ebaacab3466f2a0f299c47480b7c61336a2337f3
SHA512

af40ef1155c3070a5f8051bf480022ea1146a328e181eec094a5be8c29b523ccdf09f0430dccb7bc3ba8d9b5cfa12e54c7f30c0924a1c0c38d17f0dea87c97eb
SSDEEP

384:vtOQmU+/4SQnMjUqGLTpxSJi1mllx2TuAGfdw4iqAQyvDjDy2zI3Koki4yKWEr8:v3mU+QZmMpx1tLG2Fi2jDPzIKoki3E

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f3728017bcbbdf3d7a89975fba4c8232_JaffaCakes118

Files

f3728017bcbbdf3d7a89975fba4c8232_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a0f7e6afcf816801210b7de358f00339

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
CloseHandle
CreatePipe
CreateProcessA
DuplicateHandle
GetCurrentProcess
TerminateProcess
DisconnectNamedPipe
WaitForMultipleObjects
FreeLibrary
GetProcAddress
ExitThread
GetLastError
ReadFile
PeekNamedPipe
GetModuleHandleA
WinExec
WriteFile
GetSystemDirectoryA
GetFileSize
CreateFileA
lstrlenA
GetVersionExA
GetModuleFileNameA
TerminateThread
CreateThread
LCMapStringW
VirtualFree
VirtualAlloc
GetOEMCP
GetACP
FlushFileBuffers
LCMapStringA
Sleep
GetCPInfo
HeapReAlloc
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
RtlUnwind
GetFileType
HeapFree
HeapAlloc
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
HeapDestroy
HeapCreate
SetStdHandle
FreeEnvironmentStringsW
SetFilePointer
UnhandledExceptionFilter
FreeEnvironmentStringsA
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle

advapi32

RegCreateKeyA
RegQueryValueExA
RegSetValueExA
RegCloseKey
RegOpenKeyA

ws2_32

WSAGetLastError
htons
socket
select
connect
closesocket
inet_addr
send
gethostbyname
WSACleanup
inet_ntoa
WSAStartup
getsockname
recv

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a0f7e6afcf816801210b7de358f00339

Headers

File Characteristics

Imports

kernel32

advapi32

ws2_32

Sections

.text Size: 24KB - Virtual size: 23KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 8KB

.text
Size: 24KB - Virtual size: 23KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 8KB