Static task: static1

Behavioral task: behavioral1
Sample: 2b59a9df1a4e3025a84910d1d2023f54_JaffaCakes118.exe
Resource: win7-20240704-en

Behavioral task: behavioral2
Sample: 2b59a9df1a4e3025a84910d1d2023f54_JaffaCakes118.exe
Resource: win10v2004-20240704-en
General
Target: 2b59a9df1a4e3025a84910d1d2023f54_JaffaCakes118
Size: 74KB
MD5: 2b59a9df1a4e3025a84910d1d2023f54
SHA1: 0fb4ce2a434d320d078275446388124b12f1d6c2
SHA256: 8ae0c9bba2b479ac8f2ca3fa5dc9e13038176c88b6750cf5a2a3b158db80fbc3
SHA512: 9fd52c6e14a5941de8db30ae86d224e633c26b8bb2eaf20d053e6c4d05e377d53cc09b5bd25a71185ac45df8aa8a6fd5c767c31eb773e703e860cdc2d1e10a66
SSDEEP: 768:/S9iNsIsonFDZ+2XZN/6HR9MaZVZFziyYS8BIJsyOGZ1rg02P1fY/:/lNsBR2Xj6HRLj7Y7BM7K5O
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2b59a9df1a4e3025a84910d1d2023f54_JaffaCakes118
Files
2b59a9df1a4e3025a84910d1d2023f54_JaffaCakes118.exe windows:4 windows x86 arch:x86
6a82ca276151c7bd3538d4cce1776da9
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
CreateFileA
GetComputerNameA
WideCharToMultiByte
MultiByteToWideChar
SetFileTime
HeapFree
GetProcessHeap
SetEvent
HeapAlloc
GetWindowsDirectoryA
GetModuleFileNameA
GetModuleHandleA
GetVersion
CreateEventA
RemoveDirectoryW
GetStartupInfoA
RemoveDirectoryA
GetLogicalDriveStringsA
GetDriveTypeA
SetFileAttributesW
CreateDirectoryA
CreateDirectoryW
DeleteFileA
CloseHandle
DeleteFileW
MoveFileA
MoveFileW
GetCurrentDirectoryA
SetCurrentDirectoryA
GetCurrentProcess
GetLastError
GetVersionExA
SetFileAttributesA
WinExec
CreatePipe
CreateProcessA
GetCurrentThread
ReadFile
Sleep
WaitForSingleObject
WriteFile
TerminateProcess
advapi32
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
LogonUserA
CreateProcessAsUserA
RegCloseKey
RegSetValueExA
RegCreateKeyExA
msvcrt
_strupr
__dllonexit
_onexit
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
sscanf
time
srand
_gcvt
rand
_stricmp
vsprintf
free
malloc
_wfindfirst
wcscpy
wcscat
_wfindnext
_findfirst
strcat
_findnext
wcslen
swprintf
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
_tell
__setusermatherr
_endthread
strcmp
strlen
??3@YAXPAX@Z
__CxxFrameHandler
_beginthread
memset
atoi
strcpy
??2@YAPAXI@Z
memcpy
_read
_eof
_lseek
_close
_write
_open
strncpy
sprintf
_atoi64
_lseeki64
_filelengthi64
_wopen
fclose
_findclose
_findnexti64
strftime
gmtime
_i64toa
_findfirsti64
_wfindnexti64
wcscmp
_wfindfirsti64
user32
ExitWindowsEx
ws2_32
setsockopt
bind
inet_addr
htons
socket
send
connect
recv
gethostbyname
WSAStartup
recvfrom
sendto
select
shutdown
ioctlsocket
htonl
gethostname
inet_ntoa
closesocket
Sections
(section name not printable) Size: 70KB - Virtual size: 70KB
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE