1a35428e63e0d0475404d407599a89b6_JaffaCakes118

General

Target

1a35428e63e0d0475404d407599a89b6_JaffaCakes118
Size

83KB
MD5

1a35428e63e0d0475404d407599a89b6
SHA1

157f3a3aa6a27a23b091d65687f301d642682497
SHA256

2918e17a9cf5e658f25d3a44900d999b2b632c041193fdfaafccb886e1fcf62c
SHA512

a825d584c0defd8b141551b82c3fc68aec7cc2970cd23aca51bb67e59219bb7b12b17dcb3486dabf7c55a626012f8b67d999916323b3d1cdffa7be25126dc7c5
SSDEEP

192:TVGZDPwfqyNs7su0Bk/U67WCGHqtIdkE4GBa/hxE1He43ahLaQW7aw8+m6BG:wbDjaqtIdV4G87E19ahLaQW7al1j

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1a35428e63e0d0475404d407599a89b6_JaffaCakes118

Files

1a35428e63e0d0475404d407599a89b6_JaffaCakes118
.exe windows:4 windows x86 arch:x86

5133ef848486e32850ee4139340dec77

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

HttpQueryInfoA
InternetCloseHandle
InternetOpenUrlA
InternetOpenA
InternetGetConnectedState
InternetReadFile

ntdll

_chkstk
memcpy
memmove
RtlUnwind
_snprintf
memset

kernel32

lstrlenA
GetTickCount
CreateFileA
GetTempPathA
ExitProcess
TerminateProcess
GetExitCodeProcess
OpenProcess
CreateThread
DeleteFileA
GetLastError
CreateMutexA
CloseHandle
CopyFileA
GetModuleFileNameA
GetTempFileNameA
GetModuleHandleA
GetCommandLineA
WriteFile
Sleep
GetPrivateProfileStringA
GetSystemDirectoryA

user32

MessageBoxA
FindWindowA
GetWindowThreadProcessId

advapi32

RegQueryValueExA
RegCloseKey
StartServiceCtrlDispatcherA
StartServiceA
RegisterServiceCtrlHandlerA
SetServiceStatus
OpenServiceA
DeleteService
RegDeleteKeyA
RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
OpenSCManagerA
CloseServiceHandle
CreateServiceA
RegOpenKeyExA
ChangeServiceConfig2A

shell32

ShellExecuteA

Sections

.text
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 948B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 388B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5133ef848486e32850ee4139340dec77

Headers

File Characteristics

Imports

wininet

ntdll

kernel32

user32

advapi32

shell32

Sections

.text Size: 76KB - Virtual size: 76KB

.rdata Size: 1024B - Virtual size: 948B

.data Size: 512B - Virtual size: 388B

.idata Size: 3KB - Virtual size: 2KB

.reloc Size: 1024B - Virtual size: 920B

.text
Size: 76KB - Virtual size: 76KB

.rdata
Size: 1024B - Virtual size: 948B

.data
Size: 512B - Virtual size: 388B

.idata
Size: 3KB - Virtual size: 2KB

.reloc
Size: 1024B - Virtual size: 920B