1aec6846384b359d2c0f50cc9a1f7983_JaffaCakes118

General

Target

1aec6846384b359d2c0f50cc9a1f7983_JaffaCakes118
Size

16KB
MD5

1aec6846384b359d2c0f50cc9a1f7983
SHA1

bf8930c20832bc484e406eed1a1ea481307ce570
SHA256

ca400b206febcf9bd76eab99d37cff2b252e9ef1c61ec74f041ca1cb54211f18
SHA512

2c2bd1a2dbee754190b64f73d32b7e45b66acedc19471f8510cbbc715d36bf07699e56d3552a152c1615cf6210352c3e6c4021989d1bbed615e82ec69bdc1aba
SSDEEP

384:8BiWTCpqCk4fWL/Icsg/wOuk/NbPwagrYBf9d1DG:8DTC8CkKW0Dg/wlkNCYBf9jD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1aec6846384b359d2c0f50cc9a1f7983_JaffaCakes118

Files

1aec6846384b359d2c0f50cc9a1f7983_JaffaCakes118
.exe windows:4 windows x86 arch:x86

0205c85a49035ae3cddd1c01b24b27ab

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleFileNameA
GetTempFileNameA
GetTempPathA
Process32Next
Process32First
CreateToolhelp32Snapshot
GetProcAddress
WaitForSingleObject
CreateRemoteThread
GetModuleHandleA
OpenProcess
WinExec
SizeofResource
LockResource
LoadResource
FindResourceA
LoadLibraryA
GetFileAttributesA
CreateEventA
MoveFileExA
SetFileTime
SystemTimeToFileTime
GetSystemTime
CreateThread
GetSystemDirectoryA
GetCurrentThreadId
CopyFileA
DeleteFileA
SleepEx
GetCurrentProcess
GetStartupInfoA
TerminateProcess
WriteFile
CreateFileA
SetFilePointer
ReadFile
CloseHandle
GetFileSize
GetTickCount
FreeResource
Sleep

user32

GetCursorPos
PostMessageA
GetInputState
PostThreadMessageA
GetMessageA
SendMessageA
SetForegroundWindow
SetCursorPos
SetActiveWindow
GetWindowRect
FindWindowA
ShowWindow
FindWindowExA

advapi32

RegSetValueExA
RegOpenKeyA
RegQueryValueExA
RegSetValueA
RegCreateKeyA
ControlService
QueryServiceStatus
CloseServiceHandle
OpenServiceA
OpenSCManagerA
RegOpenKeyExA
RegCloseKey

shell32

ShellExecuteA

msvcrt

exit
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_strnicmp
_controlfp
_strcmpi
_acmdln
_XcptFilter
_exit
free
strncpy
rand
srand
malloc
strrchr
fclose
fprintf
fopen
_except_handler3
time

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0205c85a49035ae3cddd1c01b24b27ab

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

msvcrt

Sections

.text Size: 11KB - Virtual size: 11KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 1024B - Virtual size: 2KB

.rsrc Size: 31KB - Virtual size: 30KB

.text
Size: 11KB - Virtual size: 11KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 1024B - Virtual size: 2KB

.rsrc
Size: 31KB - Virtual size: 30KB