Static task: static1
Behavioral task: behavioral1
  Sample: 0e9c6645752773f24fa9193beed5597a_JaffaCakes118.exe
  Resource: win7-20240611-en
Behavioral task: behavioral2
  Sample: 0e9c6645752773f24fa9193beed5597a_JaffaCakes118.exe
  Resource: win10v2004-20240611-en
General
Target: 0e9c6645752773f24fa9193beed5597a_JaffaCakes118
Size: 36KB
MD5: 0e9c6645752773f24fa9193beed5597a
SHA1: 0b8297974291d5ee8203c177770f97472b8471a1
SHA256: cae209c92313fc044f236026e13fac09f4b8f7c0aa363d3370cc3868959a4815
SHA512: ab790bd5621a0645055ab3fb43419c89f349a8c9dae840d1b26c951d2bdb8533f66f4d3a40667473e4e41d85756888be1f8d195e7a3c129d2ae75cac5d2f4028
SSDEEP: 768:G6nXoccZisXKGSPE3BJb17VQAzdkUKjJzQbj8eoMeE:G6n4cGi0WknLQA5kUiQXLoMeE
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 0e9c6645752773f24fa9193beed5597a_JaffaCakes118
Files
0e9c6645752773f24fa9193beed5597a_JaffaCakes118.exe windows:1 windows x86 arch:x86
d8a88b2868b617d711a8f4313927a7b6
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
Imports
msvcrt
memcpy
fclose
realloc
free
??2@YAPAXI@Z
ftell
strcpy
abort
memcpy
malloc
isalnum
fseek
freopen
strcmp
strlen
__p___initenv
atol
sprintf
memset
_vsnprintf
memset
_mbschr
fopen
_mbsrchr
fread
free
__getmainargs
__set_app_type
strcat
_mbsicmp
isspace
malloc
??3@YAXPAX@Z
kernel32
VirtualFree
VirtualAlloc
Sleep
SetEvent
ResetEvent
LoadResource
LeaveCriticalSection
InitializeCriticalSection
GetStdHandle
GetProcAddress
GetPrivateProfileStringA
GetModuleHandleA
GetModuleFileNameA
DuplicateHandle
FreeLibrary
ExpandEnvironmentStringsA
FindResourceA
EnterCriticalSection
ExitProcess
GetCurrentProcess
LoadLibraryA
CreateThread
CreateProcessA
GetLastError
SetFileAttributesA
CreateEventA
CopyFileA
CloseHandle
VirtualProtect
WriteFile
WinExec
WaitForMultipleObjects
GetEnvironmentVariableA
advapi32
RegSetValueExA
RegDeleteValueA
RegCreateKeyA
OpenProcessToken
LookupPrivilegeValueA
CryptVerifySignatureA
CryptDecrypt
CryptCreateHash
CryptAcquireContextA
AdjustTokenPrivileges
CryptImportKey
RegCloseKey
wsock32
socket
send
select
recv
connect
closesocket
WSAStartup
wininet
InternetOpenA
InternetGetConnectedState
InternetCloseHandle
user32
TranslateMessage
RegisterClassExA
MessageBoxA
LoadIconA
LoadCursorA
GetMessageA
ExitWindowsEx
DispatchMessageA
DefWindowProcA
CreateWindowExA
Sections
CODE Size: 17KB - Virtual size: 20KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
DATA Size: 2KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 2KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1024B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 11KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ