169b130ebae5a631ead084565dc63f74_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

169b130ebae5a631ead084565dc63f74_JaffaCakes118
Size

17KB
MD5

169b130ebae5a631ead084565dc63f74
SHA1

4d3d5f74224512b8d5aa4225375f216f0a8ef0f2
SHA256

31e774de3b396f7576885e63265efee0a45e743d423019280dd84ddae6a74e07
SHA512

327ce13726b0dd8d00abcb1437a2ab27397f74cc4f713027a9e20a24c872ce95582275f5bfa4af7d00e59d6be92f3bc245814968cc53b880f3a92249ab196b10
SSDEEP

384:kxZ9r+hoZehk3pDfvmdAqNbwcCAdyXA7/s3O:kzr+hthKnwNMMgXAzs3O

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
169b130ebae5a631ead084565dc63f74_JaffaCakes118

Files

169b130ebae5a631ead084565dc63f74_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7b073fcc23027aca36066ac5a8ab4de9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CreateStreamOnHGlobal

kernel32

WriteFile
_lclose
_lcreat
_lopen
_lread
_lwrite
lstrcatA
lstrlenA
lstrcpyA
lstrcmpiA
CloseHandle
UnmapViewOfFile
SuspendThread
Sleep
SetFilePointer
SetEvent
RtlMoveMemory
ResumeThread
RemoveDirectoryA
ReadFile
MoveFileA
MapViewOfFile
LocalFree
LocalAlloc
LoadLibraryA
GlobalFree
GlobalAlloc
GetSystemDirectoryA
GetStartupInfoA
GetProcAddress
GetModuleFileNameA
GetLogicalDrives
GetLocalTime
GetLastError
GetFileSize
GetFileAttributesA
GetEnvironmentVariableA
GetCurrentProcess
FindNextFileA
FindFirstFileA
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
ExitProcess
DeleteFileA
CreateThread
CreateProcessA
CreateFileMappingA
CreateFileA
CreateDirectoryA
CopyFileA
CompareStringA
lstrcmpA

user32

SendMessageA
wsprintfA

oleaut32

SafeArrayCreateVector
SafeArrayUnaccessData
SafeArrayAccessData

advapi32

OpenSCManagerA
StartServiceCtrlDispatcherA
StartServiceA
SetServiceStatus
RegisterServiceCtrlHandlerA
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegOpenKeyA
RegEnumValueA
RegCloseKey
OpenServiceA
AdjustTokenPrivileges
CloseServiceHandle
CreateServiceA
LookupPrivilegeValueA
OpenProcessToken

shlwapi

StrStrIA

shell32

ShellExecuteA

wsock32

listen
htons
getsockname
connect
closesocket
accept
WSAStartup
bind
recv
send
shutdown
socket

ws2_32

WSASocketA

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

7b073fcc23027aca36066ac5a8ab4de9

Headers

File Characteristics

Imports

ole32

kernel32

user32

oleaut32

advapi32

shlwapi

shell32

wsock32

ws2_32

Sections

.text Size: 10KB - Virtual size: 10KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 3KB - Virtual size: 151KB

.text
Size: 10KB - Virtual size: 10KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 3KB - Virtual size: 151KB