1a649fe6e566511a548dbbd819e17f19_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

1a649fe6e566511a548dbbd819e17f19_JaffaCakes118
Size

20KB
MD5

1a649fe6e566511a548dbbd819e17f19
SHA1

3d18fe4d9d1b9cec987158ca54cdc4acf4631902
SHA256

134ec5d239238696442f77eab8abcbcdac301785d4880c547705798a589882f0
SHA512

39311ad8c3812037424b2ddbb7a3ad83cc2c7dbd8fbb5ece46e3d2664d778ff408ec02b1a4831f2562eca1d1e080af96321bb7ba8c3822f97e5208b78af843ef
SSDEEP

384:hbrn+mUZvUx6FDb0sop9cdRQmQbGv1vgo+81+TSp+ndyDS10/XfTgtl8ocmc:hbr+mkvD07pKdRQmrgVTScnww0N

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1a649fe6e566511a548dbbd819e17f19_JaffaCakes118

Files

1a649fe6e566511a548dbbd819e17f19_JaffaCakes118
.exe windows:4 windows x86 arch:x86

2cf94ce5a8be302a72e4b1dd40dc2d4d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetCurrentDirectoryA
GetModuleFileNameA
FindClose
FindNextFileA
FindFirstFileA
CreateProcessA
TerminateThread
GlobalAlloc
GlobalUnlock
GlobalLock
Process32Next
Process32First
CreateToolhelp32Snapshot
TerminateProcess
WinExec
DeleteFileA
GetDriveTypeA
GetTempPathA
GetSystemDirectoryA
GetWindowsDirectoryA
GetComputerNameA
GlobalMemoryStatus
GetVersionExA
GetTickCount
GetLastError
GetCurrentProcess
GetStartupInfoA
GetModuleHandleA
Sleep
OpenProcess
CloseHandle
LoadLibraryA
GetProcAddress
FreeLibrary
VirtualAllocEx
WriteProcessMemory
CreateRemoteThread
WaitForSingleObject
ReadProcessMemory
VirtualFreeEx
CreateDirectoryA

user32

FindWindowExA
SendMessageA
PostQuitMessage
MessageBoxA
DefWindowProcA
PeekMessageA
DispatchMessageA
TranslateMessage
FindWindowA
GetWindowThreadProcessId
CreateWindowExA
RegisterClassExA
LoadCursorA
LoadIconA
UnregisterClassA
SetClipboardData
GetAsyncKeyState
CloseClipboard
GetClipboardData
ShowWindow
EnableWindow
OpenClipboard
IsClipboardFormatAvailable
SetCursorPos
EnumWindows
ExitWindowsEx
GetSystemMetrics
GetWindow
IsWindow
SetForegroundWindow
CloseWindow
DestroyWindow
SetFocus
keybd_event
GetMessageExtraInfo

ws2_32

connect
WSAStartup
listen
bind
WSAAsyncSelect
htons
socket
WSACleanup
getsockname
accept
WSASendDisconnect
recv
send
closesocket
gethostbyname
inet_ntoa
inet_addr

advapi32

RegDeleteKeyA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
GetUserNameA
RegEnumKeyExA
RegQueryValueExA
RegEnumValueA
RegCloseKey
RegSetValueExA
RegDeleteValueA
RegCreateKeyExA

winmm

mciSendStringA

shell32

ShellExecuteA

wininet

InternetGetConnectedState

ole32

CoCreateGuid

msvcrt

exit
_XcptFilter
_exit
srand
_CIpow
_ftol
strchr
fopen
fseek
ftell
fread
fclose
fwrite
rename
atoi
fprintf
strncpy
strrchr
sprintf
_acmdln
_stricmp
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp

Sections

.text
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

2cf94ce5a8be302a72e4b1dd40dc2d4d

Headers

File Characteristics

Imports

kernel32

user32

ws2_32

advapi32

winmm

shell32

wininet

ole32

msvcrt

Sections

.text Size: 14KB - Virtual size: 14KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 2KB - Virtual size: 8KB

.text
Size: 14KB - Virtual size: 14KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 2KB - Virtual size: 8KB