fd7615a5049e261e75a0104c0cca99d2_JaffaCakes118

General

Target

fd7615a5049e261e75a0104c0cca99d2_JaffaCakes118
Size

25KB
MD5

fd7615a5049e261e75a0104c0cca99d2
SHA1

e08ca5035432236dd5681735c602c00ee078686c
SHA256

cb5b8df5c3dedf043fc6cc89775500fee90eb75d93cee23c8b95ee27ecba93e7
SHA512

056e37c10d664b67a6ba4f3bd22377f375f26d8f7c7faa64eaf4d209d658c54388eae11f272e201aadf45a95807ac4b31776f5d516511a24cb9eb2a25e7af791
SSDEEP

768:rtTV/83Vp5pv8lQvJ7tlWSTxqWTnvX33tWvQy/H:rtTV/8P5ksVxlAvQEH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fd7615a5049e261e75a0104c0cca99d2_JaffaCakes118

Files

fd7615a5049e261e75a0104c0cca99d2_JaffaCakes118
.exe windows:1 windows x86 arch:x86

860701bd80ac40babc72e489192171e0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LocalAlloc
GetCurrentProcess
ExitThread
SetFilePointer
ResetEvent
ReadFile
CreateMutexA
LocalFree
GetModuleFileNameA
SetPriorityClass
SetEndOfFile
GetModuleHandleA
RegisterServiceProcess
GetPrivateProfileStringA
GetProcAddress
ExitProcess
CopyFileA
LocalReAlloc
CreateProcessA
CloseHandle
WaitForSingleObject
Sleep
CreateThread
CreateFileA
GetLastError
SetCurrentDirectoryA
DeleteFileA
GetFileSize
WriteFile
WritePrivateProfileStringA
lstrcat
lstrcmpi
lstrlen
GetWindowsDirectoryA

advapi32

RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegDeleteValueA
RegCloseKey

user32

PeekMessageA
DispatchMessageA
TranslateMessage

ws2_32

socket
send
recvfrom
recv
inet_addr
gethostname
gethostbyname
connect
closesocket
bind
WSAStartup
sendto
WSAGetLastError
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent

Sections

CODE
Size: 15KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

860701bd80ac40babc72e489192171e0

Headers

File Characteristics

Imports

kernel32

advapi32

user32

ws2_32

Sections

CODE Size: 15KB - Virtual size: 16KB

DATA Size: 4KB - Virtual size: 12KB

.idata Size: 2KB - Virtual size: 4KB

.reloc Size: 2KB - Virtual size: 4KB

CODE
Size: 15KB - Virtual size: 16KB

DATA
Size: 4KB - Virtual size: 12KB

.idata
Size: 2KB - Virtual size: 4KB

.reloc
Size: 2KB - Virtual size: 4KB