ffe9d457c578fd39d05b3d8e9d9972aa_JaffaCakes118

General

Target

ffe9d457c578fd39d05b3d8e9d9972aa_JaffaCakes118
Size

29KB
MD5

ffe9d457c578fd39d05b3d8e9d9972aa
SHA1

58ba5d52ae598aad907123b8b553a9405c597331
SHA256

28edb38afdb42f4b3633fb43a97422c2706f3559d81236f45517a4edb7b9bfc8
SHA512

5eb2619796ba5ec49a801612e67f8c15008847b89b77ec0dda2c6f17c47125e6e647a0f693d2be72d4b9971e3a0adf979a98305a47448f4d52712fb5ad0ff18a
SSDEEP

384:DRROTKKBso+2+LPEJbitmCVMlQ2gbH5nhLGcXZZGG:DRUTKNPo2tmCCwnh6az

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ffe9d457c578fd39d05b3d8e9d9972aa_JaffaCakes118

Files

ffe9d457c578fd39d05b3d8e9d9972aa_JaffaCakes118
.exe windows:4 windows x86 arch:x86

c2e3c53c8c5983ead999780380e74914

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WriteProcessMemory
GetProcAddress
GetModuleHandleA
VirtualProtectEx
VirtualAllocEx
GetCurrentProcess
WaitForSingleObject
InitializeCriticalSection
GetLocalTime
lstrcmpiA
GetVersionExA
GetComputerNameA
VirtualAlloc
SetFileTime
CloseHandle
GetFileTime
CreateFileA
CreateDirectoryA
CopyFileA
GetModuleFileNameA
GetLastError
CreateMutexA
GetSystemDirectoryA
DeleteFileA
SetThreadContext
GetTickCount
GetCommandLineA
LeaveCriticalSection
EnterCriticalSection
CreateThread
FindClose
FindNextFileA
FileTimeToSystemTime
FileTimeToLocalFileTime
FindFirstFileA
Process32Next
OpenProcess
Process32First
CreateToolhelp32Snapshot
WriteFile
GetDriveTypeA
GetLogicalDrives
GetCurrentProcessId
GlobalMemoryStatus
GetDiskFreeSpaceExA
GetVolumeInformationA
GetLogicalDriveStringsA
DeleteCriticalSection
ResumeThread
TerminateProcess
CreateProcessA
GetThreadContext
ReadProcessMemory
VirtualQueryEx
GetFileSize
ReadFile
Sleep
SetFilePointer

user32

GetCursorPos

advapi32

RegDeleteKeyA
RegDeleteValueA
RegSetValueExA
GetUserNameA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegEnumValueA
RegCreateKeyA

shell32

SHGetSpecialFolderPathA

msvcrt

_strlwr
??3@YAXPAX@Z
rename
??2@YAPAXI@Z
sprintf
rand
srand
memset
strcmp
exit
strcat
strcpy
strstr
abs
memcpy
strlen

ws2_32

recv
setsockopt
connect
htons
socket
WSACreateEvent
inet_ntoa
gethostbyname
WSAStartup
select
WSAGetLastError
WSACleanup
send
WSAEventSelect
WSAEnumNetworkEvents
WSACloseEvent
closesocket

psapi

EnumProcessModules
GetModuleFileNameExA
GetProcessMemoryInfo

Sections

.data
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

c2e3c53c8c5983ead999780380e74914

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

msvcrt

ws2_32

psapi

Sections

.data Size: 29KB - Virtual size: 28KB

.data
Size: 29KB - Virtual size: 28KB