Static task
static1
Behavioral task
behavioral1
Sample
0d4d0a570b374a3d74b22e0b3b127f73_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
0d4d0a570b374a3d74b22e0b3b127f73_JaffaCakes118.exe
Resource
win10v2004-20240508-en
General
Target: 0d4d0a570b374a3d74b22e0b3b127f73_JaffaCakes118
Size: 84KB
MD5: 0d4d0a570b374a3d74b22e0b3b127f73
SHA1: d5ca27f5b9605b452aa5de34c78dc8fcfe507c95
SHA256: cc02ba7e18845d38fb44dd825497fc977c92d3c030ba6d911f4d06c665227a31
SHA512: a1dcab8b6dcea6bb7c25def6d3846a3809ae663ceb2b9ede0852f8e5be9472074f163bd270106d5e33c6e50424dd1d03867c1076d5830533c194337fdcf17485
SSDEEP: 768:GNlgrrk8sn26jf38oKN4/fuiOLORTeWIrUlLmL4TuOv+esxVPwR4QWthrm:gajyXJthFISLmL4T/+Nxzthrm
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 0d4d0a570b374a3d74b22e0b3b127f73_JaffaCakes118
Files
0d4d0a570b374a3d74b22e0b3b127f73_JaffaCakes118.exe windows:4 windows x86 arch:x86
2428e5950ce358fafd307211f682d874
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
CopyFileA
GetWindowsDirectoryA
InterlockedDecrement
Sleep
GetModuleFileNameA
GetTickCount
Process32Next
Process32First
CreateToolhelp32Snapshot
WriteProcessMemory
OpenProcess
GetProcAddress
GetModuleHandleA
FreeLibrary
LoadLibraryA
ExitProcess
CreateThread
DeleteFileA
CloseHandle
WriteFile
GlobalAlloc
GetLastError
ReadFile
SetFilePointer
lstrlenA
GetFileSize
GetSystemTime
UnhandledExceptionFilter
LCMapStringW
LCMapStringA
LocalFree
SetStdHandle
GetOEMCP
GetACP
GetCPInfo
IsBadCodePtr
IsBadReadPtr
ExitThread
GlobalLock
GlobalUnlock
CreateFileA
GetStringTypeW
GetStringTypeA
SetUnhandledExceptionFilter
IsBadWritePtr
WideCharToMultiByte
HeapSize
HeapAlloc
HeapReAlloc
GetCurrentProcess
VirtualAlloc
FlushFileBuffers
TerminateProcess
VirtualFree
HeapCreate
HeapDestroy
GetVersionExA
GetEnvironmentVariableA
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
MultiByteToWideChar
RtlUnwind
GetStartupInfoA
GetCommandLineA
GetVersion
HeapFree
RaiseException
FreeEnvironmentStringsA
user32
CloseClipboard
VkKeyScanA
ShowWindow
SetFocus
SetForegroundWindow
keybd_event
BlockInput
CharLowerA
EmptyClipboard
SetClipboardData
OpenClipboard
advapi32
GetUserNameA
RegDeleteValueA
RegCloseKey
ole32
CoInitialize
CoCreateInstance
CoUninitialize
oleaut32
VariantClear
VariantInit
SysAllocString
SysFreeString
wsock32
closesocket
WSAGetLastError
recv
send
inet_addr
accept
listen
bind
socket
htons
connect
inet_ntoa
ioctlsocket
Sections
.text Size: 52KB - Virtual size: 48KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 16KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.sxdata Size: 4KB - Virtual size: 124B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE