f437db305872d059a587beb96c289c98_JaffaCakes118

General

Target

f437db305872d059a587beb96c289c98_JaffaCakes118
Size

95KB
MD5

f437db305872d059a587beb96c289c98
SHA1

58716cb95f06d7760d41fcc8c3c52f42d1c71b6c
SHA256

681e9717f54029d5c8c9df15e064a4447564f0d1065948e512b1e3fb824e335c
SHA512

f0233103432553f97d2e399c39064c8f3c4ad4c9f4fdf262279fe547acd7a503bcbca7e74f3034272ecab9ca9da148048d10ea380d322bcaebd023f32408da76
SSDEEP

768:AsXEsStY7tIr0bJ60SuokCl5ZgdhPtAFr0iB9wkd9uzJVl8AukkojdalXf+dPW2L:ir0bs0SxkCfKzl49Q5y7oqX8lcz57Tg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f437db305872d059a587beb96c289c98_JaffaCakes118

Files

f437db305872d059a587beb96c289c98_JaffaCakes118
.exe windows:4 windows x86 arch:x86

036233bbe76b647b326d305f5c38eaee

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateProcessA
GetSystemTime
Sleep
LockResource
LoadResource
CreateFileA
TerminateProcess
ReadFile
PeekNamedPipe
GetStartupInfoA
CreatePipe
WriteFile
CloseHandle
GetVolumeInformationA
FindResourceA
CreateThread
LCMapStringA
GetStringTypeW
GetStringTypeA
SetEndOfFile
LoadLibraryA
SetEnvironmentVariableA
GetOEMCP
GetACP
CompareStringW
CompareStringA
GetCPInfo
MultiByteToWideChar
SetFilePointer
FlushFileBuffers
SetStdHandle
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
RtlUnwind
HeapAlloc
HeapFree
GetTimeZoneInformation
GetLocalTime
GetModuleHandleA
GetCommandLineA
GetVersion
ExitProcess
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
IsBadWritePtr
GetLastError
GetProcAddress
WideCharToMultiByte
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
LCMapStringW

advapi32

RegCloseKey
RegSetValueExA
RegDeleteValueA
RegOpenKeyExA

wininet

InternetCloseHandle
InternetOpenUrlA
InternetOpenA
InternetReadFile

ws2_32

inet_ntoa
ntohs
ntohl
bind
WSAIoctl
WSACleanup
WSAStartup
socket
gethostname
gethostbyname
htons
htonl
closesocket
connect
select
send
recv

Sections

.text
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 880B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

036233bbe76b647b326d305f5c38eaee

Headers

File Characteristics

Imports

kernel32

advapi32

wininet

ws2_32

Sections

.text Size: 40KB - Virtual size: 36KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 4KB - Virtual size: 9KB

.rsrc Size: 4KB - Virtual size: 880B

.text
Size: 40KB - Virtual size: 36KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 9KB

.rsrc
Size: 4KB - Virtual size: 880B