2a30556222e0016791f60c49ad3414fc_JaffaCakes118 | Triage

Sharing

General

Target

2a30556222e0016791f60c49ad3414fc_JaffaCakes118
Size

16KB
MD5

2a30556222e0016791f60c49ad3414fc
SHA1

4ca97a353af993d443df51e0953421c7e356d675
SHA256

58fd3fc47e09d0fe7cbb20803a767b16d23da4c84e5648079cdbd0e8464bdf03
SHA512

28641fc0b1753d71c53e81cc5c1d442eb3ce7c13aee920add23742920207c8001cf3524458a27831f7e4dbe5c61fc7579038d26af08d55ef9e0291a6f270c965
SSDEEP

384:2C6XdG8HRBFjbzEARpHLvD8vUMn6ZKmwq3l:2rI8x7HN6n6ZKal

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2a30556222e0016791f60c49ad3414fc_JaffaCakes118

Files

2a30556222e0016791f60c49ad3414fc_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b29cc533807401b27b9e4655da6b662f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

InternetOpenA
InternetReadFile
InternetOpenUrlA

shell32

SHGetFolderPathA

ntdll

ZwQuerySystemInformation
ZwCreateSection

shlwapi

SHSetValueA
SHGetValueA

wsock32

__WSAFDIsSet
select
getsockname
getpeername
shutdown
accept
listen
bind
inet_ntoa
gethostbyname
gethostname
WSACleanup
closesocket
connect
socket
WSAStartup
recv
send

advapi32

RegSetValueExA
OpenServiceA
CloseServiceHandle
StartServiceA
CreateServiceA
OpenSCManagerA
RegCreateKeyA
RegCloseKey

user32

FindWindowExA
wsprintfA
SendMessageA
FindWindowA
MessageBoxA

kernel32

WaitForSingleObject
SetThreadPriority
OpenMutexA
CreateMutexA
FreeLibrary
GetLastError
GetEnvironmentVariableA
ResumeThread
SetThreadContext
GetThreadContext
WriteProcessMemory
VirtualAllocEx
TerminateProcess
CreateProcessA
LocalFree
LocalAlloc
DeviceIoControl
LoadLibraryExA
ExitThread
CreateThread
GetProcAddress
LoadLibraryA
CopyFileA
GetModuleFileNameA
GetModuleHandleA
WinExec
DeleteFileA
lstrcatA
Sleep
UnmapViewOfFile
MapViewOfFile
lstrlenA
OpenFile
CloseHandle
WriteFile
VirtualFree
VirtualAlloc
ExitProcess

Sections

.text
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE