0ede5846c159f1bb0cd588296390f17e_JaffaCakes118

General

Target

0ede5846c159f1bb0cd588296390f17e_JaffaCakes118
Size

40KB
MD5

0ede5846c159f1bb0cd588296390f17e
SHA1

8a74f19fad0d157d7e8c7deba5fb045fccc41d62
SHA256

beb7c86c18d06ce2611b0677374436de855a25d97efef77720373c33bca73492
SHA512

a8c1bf3a0594c7e3e6078df3af0dc1894e1dba4795d1a817bc1b053f0640581a0ff9258b93d57d91cff7247e1c3f0e0cb73d6b380e2c65bf2636f458051a677d
SSDEEP

768:8RzINWYJxA2CAWToYpw8lyNjEHomVCZKFoB:qINBs2zWTFxlQjEImQ4oB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0ede5846c159f1bb0cd588296390f17e_JaffaCakes118

Files

0ede5846c159f1bb0cd588296390f17e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

01a80a9cd29a466c64e05b36fb5e219d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WriteFile
OpenProcess
GetCurrentProcessId
GetModuleHandleA
PeekNamedPipe
LoadLibraryA
GetModuleFileNameA
ReadFile
Sleep
GetLastError
DuplicateHandle
CreateProcessA
CreateThread
TerminateThread
WaitForMultipleObjects
TerminateProcess
DisconnectNamedPipe
CreatePipe
CloseHandle
ExitThread
GetCurrentProcess
GetProcAddress
lstrlenA
LCMapStringW
LCMapStringA
InterlockedIncrement
InterlockedDecrement
GetOEMCP
GetACP
HeapFree
HeapAlloc
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
RtlUnwind
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetCurrentThreadId
TlsSetValue
TlsAlloc
SetLastError
TlsGetValue
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
GetCPInfo

user32

ExitWindowsEx

advapi32

StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerA
SetServiceStatus
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenServiceA
DeleteService
OpenSCManagerA
CreateServiceA
CloseServiceHandle
RegOpenKeyA
RegSetValueExA
RegCloseKey
RegOpenKeyExA

ws2_32

socket
htonl
htons
bind
WSAStartup
WSACleanup
send
select
recv
closesocket
accept
listen

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

01a80a9cd29a466c64e05b36fb5e219d

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ws2_32

Sections

.text Size: 20KB - Virtual size: 19KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 12KB - Virtual size: 13KB

.text
Size: 20KB - Virtual size: 19KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 12KB - Virtual size: 13KB