0ed76afcd5a813795ceb0486da4d6855_JaffaCakes118

General

Target

0ed76afcd5a813795ceb0486da4d6855_JaffaCakes118
Size

48KB
MD5

0ed76afcd5a813795ceb0486da4d6855
SHA1

eb0d1aceb91d2c5f9e78db85c5d673732c3a6df2
SHA256

73bc1d3dd583ea3388f1f43a74aeafbaf5d92f96874a558d874d5a268336c636
SHA512

bc3fe2b1993ffb13f77c9f52a60c7d48f3678d8fdd3ce4c8c39fecf5e5e492bd387737a48d9e769ed72fa3f5551f3a21c360b88f38ce1ce321df34c7f77f937a
SSDEEP

768:ZTXvWWp33mp/bG7DW1PoPP9eOG5JAPtG:Zr9k6XkUwYtG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0ed76afcd5a813795ceb0486da4d6855_JaffaCakes118

Files

0ed76afcd5a813795ceb0486da4d6855_JaffaCakes118
.exe windows:4 windows x86 arch:x86

113125752a64b78aa821d59f68388b3d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
CloseHandle
Process32NextW
Module32FirstW
Process32FirstW
CreateToolhelp32Snapshot
GetCurrentProcess
TerminateProcess
OpenProcess
GlobalMemoryStatus
GetVersionExW
GetComputerNameW
FreeLibrary
GetProcAddress
LoadLibraryW
WideCharToMultiByte
GetExitCodeThread
WriteFile
ReadFile
PeekNamedPipe
CreateProcessW
GetSystemDirectoryW
GetStartupInfoW
CreatePipe
CreateEventW
SetEvent
LCMapStringA
LoadLibraryA
GetOEMCP
GetACP
TerminateThread
CreateThread
lstrlenW
WaitForSingleObject
GetCPInfo
GetStringTypeW
GetStringTypeA
MultiByteToWideChar
IsBadCodePtr
IsBadReadPtr
LCMapStringW
SetUnhandledExceptionFilter
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
RtlUnwind
HeapFree
HeapAlloc
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
IsBadWritePtr
UnhandledExceptionFilter
FreeEnvironmentStringsA

user32

GetForegroundWindow
GetKeyState
wsprintfW
GetWindowTextW
GetAsyncKeyState

advapi32

LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken

ws2_32

recv
htons
connect
shutdown
WSACleanup
WSAStartup
setsockopt
closesocket
gethostbyname
inet_addr
socket
send

Sections

.text
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

113125752a64b78aa821d59f68388b3d

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ws2_32

Sections

.text Size: 28KB - Virtual size: 24KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 12KB - Virtual size: 13KB

.text
Size: 28KB - Virtual size: 24KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 12KB - Virtual size: 13KB