1494f7ac7917b75237238d86da577f08_JaffaCakes118

General

Target

1494f7ac7917b75237238d86da577f08_JaffaCakes118
Size

25KB
MD5

1494f7ac7917b75237238d86da577f08
SHA1

14b522737f8d0e351dbcdc21309692f104adf2aa
SHA256

d614a422846a6fb825487379273d018fb1bb4389dc44d357bc301c8997700fcd
SHA512

68097c4f24c09605ac3776ae89647c0070a489ff49408469f83a010857c6df98a0ab3f2b709f70ae1f311633c62b8ce438252dd3d9d36609ed8c73f238a24a2b
SSDEEP

384:OJJ5quqTRNuXvgW48x09y5W/kf84kVdjaLacmkC0GJsJxXSEWf/ymWWj:Kq77s948e9pTtjaLacmkLGKOq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1494f7ac7917b75237238d86da577f08_JaffaCakes118

Files

1494f7ac7917b75237238d86da577f08_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f3df4521a32a9b6b488eef6f4b21cee8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FreeLibrary
Sleep
LocalAlloc
FindNextFileA
DeleteFileA
FindFirstFileA
VirtualFree
lstrlenA
VirtualAlloc
lstrcatA
GetEnvironmentVariableA
CreateProcessA
GetExitCodeThread
TerminateThread
VirtualProtect
CreateMutexA
CreateThread
CreateEventW
SetThreadPriority
WinExec
GetLastError
ReadFile
SetFilePointer
lstrcmpA
GetSystemDirectoryA
LocalFree
MultiByteToWideChar
GetVersionExA
LoadLibraryA
GetModuleHandleW
lstrcpyA
WaitForSingleObject
SetEvent
ResetEvent
GetProcAddress
GetModuleFileNameA
GetTempPathA
CreateFileA
WriteFile
CloseHandle

user32

CharUpperA
wsprintfA
CharLowerA

advapi32

DeleteService
ControlService
OpenSCManagerA
CreateServiceA
StartServiceA
CloseServiceHandle
RegQueryValueExA
RegOpenKeyA
RegCloseKey
RegOpenKeyExA
OpenServiceA

ws2_32

WSACleanup
closesocket
connect
socket
WSAStartup
recv
send

urlmon

URLDownloadToFileA

dnsapi

DnsQuery_W
DnsRecordListFree

Exports

Exports

LpkDllInitialize
LpkDrawTextEx
LpkEditControl
LpkExtTextOut
LpkGetCharacterPlacement
LpkGetTextExtentExPoint
LpkInitialize
LpkPSMTextOut
LpkTabbedTextOut
LpkUseGDIWidthCache
ftsWordBreak

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 1022B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f3df4521a32a9b6b488eef6f4b21cee8

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ws2_32

urlmon

dnsapi

Exports

Exports

Sections

.text Size: 8KB - Virtual size: 7KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 4KB

.reloc Size: 1024B - Virtual size: 1022B

.text
Size: 8KB - Virtual size: 7KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 4KB

.reloc
Size: 1024B - Virtual size: 1022B