2a8dd13c56c872fdb5d3d4b8667af736_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2a8dd13c56c872fdb5d3d4b8667af736_JaffaCakes118
Size

56KB
MD5

2a8dd13c56c872fdb5d3d4b8667af736
SHA1

8f0b610b9d4e3b9e726fcef371acc1afb3a93794
SHA256

17f485ca1416872a0995efae9c21702d4b9236bc9963ba3733003ada42e185ae
SHA512

b962a61905d849e969c5572ad4bcdd3b8a4ebab8a8b84cf904451ba36d5d77529bf362e97345c26843a35cafa284925b53799f138d3ed85b56122351ed84f1b3
SSDEEP

768:CS2mzoTGIF8ZUng8bD3dguWtpejluPl8:H22ox7PdgM0l

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2a8dd13c56c872fdb5d3d4b8667af736_JaffaCakes118

Files

2a8dd13c56c872fdb5d3d4b8667af736_JaffaCakes118
.exe windows:4 windows x86 arch:x86

930e7c6c3ce169bb06a41b994cb139ed

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLogicalDrives
TerminateProcess
OpenProcess
GetLastError
CreateMutexA
GetModuleFileNameA
FindClose
DeleteFileA
RemoveDirectoryA
SetFileAttributesA
GetDriveTypeA
FindFirstFileA
CopyFileA
ReadFile
LoadLibraryA
GetProcAddress
GetOEMCP
GetACP
GetCPInfo
GetStringTypeW
GetStringTypeA
CreateFileA
CloseHandle
FindNextFileA
DeviceIoControl
FlushFileBuffers
SetStdHandle
SetFilePointer
HeapReAlloc
VirtualAlloc
WriteFile
RtlUnwind
VirtualFree
HeapCreate
HeapDestroy
GetVersionExA
GetEnvironmentVariableA
GetFileType
ExitProcess
GetCurrentProcess
Sleep
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
HeapFree
HeapAlloc
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
LCMapStringW
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
SetEndOfFile

user32

LoadIconA
LoadStringA
GetMessageA
LoadCursorA
RegisterClassExA
DefWindowProcA
CreateWindowExA

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyExA

shell32

DoEnvironmentSubstA

psapi

GetModuleBaseNameA
EnumProcessModules
EnumProcesses

ws2_32

WSAStartup
gethostname
WSACleanup
inet_ntoa
gethostbyname

shlwapi

PathFileExistsA

Sections

.text
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 816B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

930e7c6c3ce169bb06a41b994cb139ed

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

psapi

ws2_32

shlwapi

Sections

.text Size: 32KB - Virtual size: 28KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 12KB - Virtual size: 16KB

.rsrc Size: 4KB - Virtual size: 816B

.text
Size: 32KB - Virtual size: 28KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 12KB - Virtual size: 16KB

.rsrc
Size: 4KB - Virtual size: 816B