16406aeff6ded69b102b7442324bcd37_JaffaCakes118

General

Target

16406aeff6ded69b102b7442324bcd37_JaffaCakes118
Size

68KB
MD5

16406aeff6ded69b102b7442324bcd37
SHA1

6325b57d9ca1dcc5820d5d800bde242ab6753bb4
SHA256

adb9c2fe930fae579ce87059b4b9e15c22b6498c42df01db9760f75d983b93b2
SHA512

2615bb2e8d6bc4d0d09a566b3d0c397fa17d76a608a009b89cac1bcfaa68eeeea91903a388d146610f5bfcb33403bf4f4fce5bf1cad3efc51b79617dc406b43d
SSDEEP

1536:fyWUNpMUbWpagx3uLCASaT46Uwtg13qoo5F9b2/VTt7T:fyWUN+a4+uAQ6FNv5F9byVTtn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
16406aeff6ded69b102b7442324bcd37_JaffaCakes118

Files

16406aeff6ded69b102b7442324bcd37_JaffaCakes118
.exe windows:4 windows x86 arch:x86

d80ed298c82f261bef812be5fb745109

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
GetModuleHandleA
Sleep
GetCurrentProcess
SetFileAttributesA
GetFileAttributesA
GetModuleFileNameA
CreateMutexA
CreateThread
LoadLibraryA
DeleteFileA
FreeLibrary
GetLastError
CreateFileA
GetFileSize
ReadFile
SetFilePointer
WriteFile
WaitForSingleObject
CloseHandle
InterlockedExchange
FlushFileBuffers
SetStdHandle
GetOEMCP
GetACP
GetStringTypeW
GetStringTypeA
RtlUnwind
InterlockedDecrement
InterlockedIncrement
GetCurrentThreadId
TlsSetValue
TlsGetValue
ExitThread
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
HeapFree
TlsAlloc
SetLastError
HeapAlloc
TerminateProcess
HeapReAlloc
HeapSize
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
LCMapStringW
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
GetCPInfo
RaiseException

advapi32

RegSetValueExA
RegOpenKeyExA
RegCloseKey
RegDeleteValueA

ws2_32

shutdown
closesocket
recv
send
WSAStartup
WSASocketA
htons
setsockopt
WSAIoctl
connect
gethostbyname

Exports

Exports

deKernel

Sections

.text
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d80ed298c82f261bef812be5fb745109

Headers

File Characteristics

Imports

kernel32

advapi32

ws2_32

Exports

Exports

Sections

.text Size: 40KB - Virtual size: 39KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 22KB - Virtual size: 27KB

.text
Size: 40KB - Virtual size: 39KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 22KB - Virtual size: 27KB