fc2e23c66aab3fff0737b7ca6a237b60_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

fc2e23c66aab3fff0737b7ca6a237b60_JaffaCakes118
Size

44KB
MD5

fc2e23c66aab3fff0737b7ca6a237b60
SHA1

250612b7a45f176d9406d12b36118e77d7d212a7
SHA256

98aa078793f22921327745041b93bbe105482914a0fd367476e9bd1b796f4827
SHA512

3ef079447f2d120cd5a90566335d2d32ad4efd7d53067ea81f412e7ff5bfa2aef67fef9c80a6249e8639a517897b756905c96ff6156a2c74c36f0804896c1aa9
SSDEEP

768:TQyOaW4LAlaDVO/E8WXBZSugksXUxVzjZXhXqwV5htKvDs:TMflINdZ3gkNfZfeDs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fc2e23c66aab3fff0737b7ca6a237b60_JaffaCakes118

Files

fc2e23c66aab3fff0737b7ca6a237b60_JaffaCakes118
.exe windows:4 windows x86 arch:x86

c448fc12ca4d722004ea3ef4a9b7c0e1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
GetSystemTime
CreateFileA
WinExec
lstrcatA
GetSystemDirectoryA
GetLastError
GetCurrentProcess
VirtualFree
VirtualAlloc
Process32Next
lstrcmpiA
Process32First
CreateToolhelp32Snapshot
Thread32Next
SuspendThread
ResumeThread
OpenThread
Thread32First
WriteProcessMemory
VirtualProtectEx
VirtualAllocEx
VirtualFreeEx
CreateThread
SetThreadContext
GetThreadContext
CopyFileA
GetModuleFileNameA
GetModuleHandleA
lstrlenA
DuplicateHandle
OpenProcess
CreateRemoteThread
GetCurrentProcessId
GlobalMemoryStatus
GetVersionExA
GetTickCount
GetComputerNameA
ExitProcess
CreateMutexA
LoadLibraryA
IsBadReadPtr
WideCharToMultiByte
VirtualProtect
GetProcAddress
CreatePipe
GetStartupInfoA
CreateProcessA
GetExitCodeProcess
ReadFile
Sleep
PeekNamedPipe
ReadProcessMemory
WriteFile
HeapReAlloc
LCMapStringW
LCMapStringA
GetSystemInfo
HeapAlloc
HeapFree
GetLocaleInfoA
GetCPInfo
GetOEMCP
GetACP
GetStringTypeW
MultiByteToWideChar
GetStringTypeA
TerminateProcess
VirtualQuery
InterlockedExchange
GetCurrentThreadId
QueryPerformanceCounter
GetSystemTimeAsFileTime

user32

wsprintfA

advapi32

RegOpenKeyExA
RegOpenKeyA
RegSetValueExA
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
GetUserNameA

ntdll

NtQuerySystemInformation
NtQueryInformationProcess
RtlUnwind

ws2_32

connect
__WSAFDIsSet
WSAStartup
WSACleanup
htons
socket
select
listen
accept
send
ioctlsocket
recv
closesocket
bind

wininet

InternetReadFile
InternetCloseHandle
InternetOpenA
InternetOpenUrlA

Sections

�ce��5E
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

)��T�s�
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Oꧏo�i�
Size: 4KB - Virtual size: 150B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

>ʄ�(�\�
Size: 137B - Virtual size: 137B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

c448fc12ca4d722004ea3ef4a9b7c0e1

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ntdll

ws2_32

wininet

Sections

�ce��5E Size: 32KB - Virtual size: 30KB

)��T�s� Size: 4KB - Virtual size: 3KB

Oꧏo�i� Size: 4KB - Virtual size: 150B

>ʄ�(�\� Size: 137B - Virtual size: 137B

�ce��5E
Size: 32KB - Virtual size: 30KB

)��T�s�
Size: 4KB - Virtual size: 3KB

Oꧏo�i�
Size: 4KB - Virtual size: 150B

>ʄ�(�\�
Size: 137B - Virtual size: 137B