24ea08873ea7abad485769127f021648_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

24ea08873ea7abad485769127f021648_JaffaCakes118
Size

204KB
MD5

24ea08873ea7abad485769127f021648
SHA1

c36cac5029d4a90dccbeb4443ef8620f306c0444
SHA256

cd4dd8bf3edaa72f32aad65f45bffbfe1702085a19df03f40d6886eae1ec9c90
SHA512

f75f868830a2ff590980d2e0ee99e4ffc8ee52fc16d4dad61df409ba8103501dcb95ed5eb24d542d55208ff4a5e8ff194452ff264ac9a858710c6d401bcbf121
SSDEEP

3072:mzfVW/88ik4N5p2NiVmZ9HY6Bp8haZj1QLY6C996rmcq0olZpAXDrJud7NC1/SBa:Hnue18hajQkQmcq0oRA5iEI34

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
24ea08873ea7abad485769127f021648_JaffaCakes118

Files

24ea08873ea7abad485769127f021648_JaffaCakes118
.exe windows:4 windows x86 arch:x86

10abbbb872dd01ceeb3ddd1b84c8c111

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetThreadLocale
FindFirstFileA
FindClose
GetWindowsDirectoryA
GetSystemDirectoryA
RaiseException
lstrcmpiA
WaitForSingleObject
CloseHandle
CompareStringA
GetProcessHeap
HeapAlloc
HeapFree
WideCharToMultiByte
MoveFileExA
GetShortPathNameA
GetPrivateProfileSectionA
WritePrivateProfileSectionA
CreateFileA
WriteFile
lstrlenA
lstrcmpA
FindResourceA
SizeofResource
LockResource
GetLocaleInfoA
FindResourceExA
GetLastError
IsBadStringPtrA
GetComputerNameA
InitializeCriticalSection
DeleteCriticalSection
CreateProcessA
CreateDirectoryA
GetTempFileNameA
MoveFileA
DeleteFileA
Sleep
DebugBreak
LeaveCriticalSection
EnterCriticalSection
HeapSize
HeapReAlloc
HeapDestroy
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
QueryPerformanceCounter
GetTickCount
GetACP
InterlockedExchange
LoadResource
GetVersionExA
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
lstrcatA
lstrcpyA
GetModuleFileNameA
RtlUnwind
VirtualQuery
ExitProcess

user32

CharLowerA
CharNextA
wvsprintfA
MessageBoxA

advapi32

RegOpenKeyExA
RegCloseKey
RegQueryValueExA

shell32

SHGetSpecialFolderPathA

shlwapi

StrToIntExA
StrToIntA
StrStrA

ws2_32

WSACleanup
WSAStartup
closesocket
recv
send
getsockopt
__WSAFDIsSet
select
WSAGetLastError
gethostbyname
ioctlsocket
socket
inet_addr
connect
htons

Sections

.text
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 158KB - Virtual size: 157KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

10abbbb872dd01ceeb3ddd1b84c8c111

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

shlwapi

ws2_32

Sections

.text Size: 39KB - Virtual size: 39KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 512B - Virtual size: 10KB

.rsrc Size: 158KB - Virtual size: 157KB

.text
Size: 39KB - Virtual size: 39KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 512B - Virtual size: 10KB

.rsrc
Size: 158KB - Virtual size: 157KB