2afd7b79137fa9305bf7e3880fe0dcbc_JaffaCakes118

General

Target

2afd7b79137fa9305bf7e3880fe0dcbc_JaffaCakes118
Size

180KB
MD5

2afd7b79137fa9305bf7e3880fe0dcbc
SHA1

fe940dfd62bb1191698227d574d0e8b20dfe545b
SHA256

285a1448ee16fc076e6648f0889a09b0f141991541887175e3d8c5ee801f1ed5
SHA512

8082faaff8c285171570a1084fafa8473d4ebea17986c36234e9469d4579b6bdcd2a7c43fba6b864fced479468473f49647cfc6505e20015183866949fdf0ab6
SSDEEP

3072:M+TnUjEWv2KoRzt52CgHxlNAhQV3TiTeKMOeMLrd:MsUjE13f4NkYDiqKdeMnd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2afd7b79137fa9305bf7e3880fe0dcbc_JaffaCakes118

Files

2afd7b79137fa9305bf7e3880fe0dcbc_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f0e9ae7b8dbcc1a751c9b710b2fad61a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetStringTypeA
LoadLibraryA
GetModuleFileNameA
GetThreadLocale
WideCharToMultiByte
GlobalAlloc
GetLastError
WriteFile
VirtualFree
VirtualAlloc
LCMapStringA
ReadFile
GetTimeZoneInformation
CreateProcessA
WaitForSingleObject
GetExitCodeProcess
GetCurrentDirectoryA
GetFullPathNameA
SetEnvironmentVariableW
FindFirstFileA
GetDriveTypeA
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
SetEndOfFile
LCMapStringW
HeapAlloc
HeapFree
ExitProcess
TerminateProcess
GetCurrentProcess
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
HeapDestroy
HeapCreate
SetStdHandle
UnhandledExceptionFilter
HeapReAlloc
GetProcAddress
GetStringTypeW
MultiByteToWideChar
CreateFileA
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetFileAttributesA
CloseHandle
GetCPInfo
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
CompareStringW
RtlUnwind
SetFilePointer
CompareStringA
SetEnvironmentVariableA
GetACP
GetOEMCP
FlushFileBuffers

user32

MessageBoxA

shell32

SHGetMalloc
SHGetSpecialFolderLocation
SHGetPathFromIDListA

wsock32

ioctlsocket
closesocket
WSAStartup
WSAGetLastError
socket
bind
getsockname
listen
ntohs
accept
recv

Sections

.text
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 128KB - Virtual size: 128KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f0e9ae7b8dbcc1a751c9b710b2fad61a

Headers

File Characteristics

Imports

kernel32

user32

shell32

wsock32

Sections

.text Size: 44KB - Virtual size: 42KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 128KB - Virtual size: 128KB

.text
Size: 44KB - Virtual size: 42KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 128KB - Virtual size: 128KB