2104286989b993339e01475c7eed702c_JaffaCakes118

General

Target

2104286989b993339e01475c7eed702c_JaffaCakes118
Size

29KB
MD5

2104286989b993339e01475c7eed702c
SHA1

bf4c1a2709b4d3fbdacecbb00949f84e57fe7f0a
SHA256

bf523512ff5ecb3dffbe6c53ec6962ccaa5a94e8e66d7daa729d1e2467bf9e76
SHA512

fc4223df1cf9a14a96219835e01a84b8e3537da9b4cf130a9da1a73992847a5705b5421461f92af6c1d98713c97d866b33ea34247ef4ecca0d4cefa8e88cc338
SSDEEP

384:hzSJYT+OBso+2+LPEJzOhC+9EligP35jhLGcXZZGG:hPT+pPoChC+H8jh6az

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2104286989b993339e01475c7eed702c_JaffaCakes118

Files

2104286989b993339e01475c7eed702c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

c2e3c53c8c5983ead999780380e74914

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WriteProcessMemory
GetProcAddress
GetModuleHandleA
VirtualProtectEx
VirtualAllocEx
GetCurrentProcess
WaitForSingleObject
InitializeCriticalSection
GetLocalTime
lstrcmpiA
GetVersionExA
GetComputerNameA
VirtualAlloc
SetFileTime
CloseHandle
GetFileTime
CreateFileA
CreateDirectoryA
CopyFileA
GetModuleFileNameA
GetLastError
CreateMutexA
GetSystemDirectoryA
DeleteFileA
SetThreadContext
GetTickCount
GetCommandLineA
LeaveCriticalSection
EnterCriticalSection
CreateThread
FindClose
FindNextFileA
FileTimeToSystemTime
FileTimeToLocalFileTime
FindFirstFileA
Process32Next
OpenProcess
Process32First
CreateToolhelp32Snapshot
WriteFile
GetDriveTypeA
GetLogicalDrives
GetCurrentProcessId
GlobalMemoryStatus
GetDiskFreeSpaceExA
GetVolumeInformationA
GetLogicalDriveStringsA
DeleteCriticalSection
ResumeThread
TerminateProcess
CreateProcessA
GetThreadContext
ReadProcessMemory
VirtualQueryEx
GetFileSize
ReadFile
Sleep
SetFilePointer

user32

GetCursorPos

advapi32

RegDeleteKeyA
RegDeleteValueA
RegSetValueExA
GetUserNameA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegEnumValueA
RegCreateKeyA

shell32

SHGetSpecialFolderPathA

msvcrt

_strlwr
??3@YAXPAX@Z
rename
??2@YAPAXI@Z
sprintf
rand
srand
memset
strcmp
exit
strcat
strcpy
strstr
abs
memcpy
strlen

ws2_32

recv
setsockopt
connect
htons
socket
WSACreateEvent
inet_ntoa
gethostbyname
WSAStartup
select
WSAGetLastError
WSACleanup
send
WSAEventSelect
WSAEnumNetworkEvents
WSACloseEvent
closesocket

psapi

EnumProcessModules
GetModuleFileNameExA
GetProcessMemoryInfo

Sections

.data
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

c2e3c53c8c5983ead999780380e74914

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

msvcrt

ws2_32

psapi

Sections

.data Size: 29KB - Virtual size: 28KB

.data
Size: 29KB - Virtual size: 28KB