15d35a32ef17c4149a0ac87ef25b3f74_JaffaCakes118

General

Target

15d35a32ef17c4149a0ac87ef25b3f74_JaffaCakes118
Size

164KB
MD5

15d35a32ef17c4149a0ac87ef25b3f74
SHA1

fae98ec0de228dedb168f445dc67b6a411ccfb93
SHA256

1c3906b3c2d5ed554eca57bc3b248bba99c61f27a05de5c0e2b902f83d6b30bc
SHA512

7d15ef786196d97f13440ad4aa7493a5f96ef75d13089a7d26f0f3cad62bf56d4d391ea841254608f91dc97f7668be1f030fa0c55c8d509efc500d9865a1eee0
SSDEEP

3072:SB85GNA5gslTY6+q2CsUk0MEAIrO20uiR9O4hkekj8X9ooR:SB4JYG2C40FVh0/QFdjk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
15d35a32ef17c4149a0ac87ef25b3f74_JaffaCakes118

Files

15d35a32ef17c4149a0ac87ef25b3f74_JaffaCakes118
.exe windows:4 windows x86 arch:x86

e504e885f2dd25b14ef57f618ee9a004

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExpandEnvironmentStringsA
GetModuleHandleA
FreeLibrary
GetVersionExA
GetProcAddress
LoadLibraryA
GetFileAttributesA
lstrcmpA
Sleep
GetLocaleInfoW
SetEndOfFile
GetOEMCP
GetACP
SetStdHandle
IsBadCodePtr
IsBadReadPtr
CreateFileA
WideCharToMultiByte
MultiByteToWideChar
HeapAlloc
RtlUnwind
RaiseException
HeapFree
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
HeapReAlloc
TerminateProcess
GetCurrentProcess
LCMapStringA
LCMapStringW
GetCPInfo
CompareStringA
CompareStringW
GetLastError
ReadFile
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
WriteFile
SetFilePointer
FlushFileBuffers
CloseHandle
SetUnhandledExceptionFilter
HeapSize
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeA
GetStringTypeW
GetTimeZoneInformation
SetEnvironmentVariableA

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey
GetUserNameA

ws2_32

WSAStartup
htons
inet_addr
socket
connect
send
closesocket
WSACleanup

Sections

.text
Size: 128KB - Virtual size: 126KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

e504e885f2dd25b14ef57f618ee9a004

Headers

File Characteristics

Imports

kernel32

advapi32

ws2_32

Sections

.text Size: 128KB - Virtual size: 126KB

.rdata Size: 20KB - Virtual size: 19KB

.data Size: 12KB - Virtual size: 33KB

.text
Size: 128KB - Virtual size: 126KB

.rdata
Size: 20KB - Virtual size: 19KB

.data
Size: 12KB - Virtual size: 33KB