Static task
static1
Behavioral task
behavioral1
Sample
2b8c49b6a1a7169f121f1651c1dc13d3_JaffaCakes118.exe
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
2b8c49b6a1a7169f121f1651c1dc13d3_JaffaCakes118.exe
Resource
win10v2004-20240704-en
General
-
Target
2b8c49b6a1a7169f121f1651c1dc13d3_JaffaCakes118
-
Size
80KB
-
MD5
2b8c49b6a1a7169f121f1651c1dc13d3
-
SHA1
515c7bb341d0bc06b1098903912d258fb62ce9b1
-
SHA256
d97168922febfc4320b1a275ea97a1d1664db3535b08aee2522d04717971d718
-
SHA512
aae4fd6fb8b0ef89c14d9d6eb6c928152b72cf0b3c893c4466677f829a87038a1f414534777f378d5e5eb5c6b21327eba0211df08d823e2fe4e417a699c6efa0
-
SSDEEP
1536:h2uIYFj3XJ5iVOUqBn1Rev7DvWwUAlXCZr7:EYp3XJuOrnrev76ElSZr7
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2b8c49b6a1a7169f121f1651c1dc13d3_JaffaCakes118
Files
-
2b8c49b6a1a7169f121f1651c1dc13d3_JaffaCakes118.exe windows:4 windows x86 arch:x86
b4e8f97c7eb511b350d7f25ebf4a8b86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
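Imports
(Note: the kernel32, user32 and advapi32 names below are listed without their first two characters, e.g. "tModuleFileNameA" for GetModuleFileNameA, so a few entries such as "tStdHandle" are ambiguous; the wsock32 names are complete.)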
kernel32
tModuleFileNameA
eeLibrary
tProcAddress
tLocalTime
adLibraryA
tLastError
trcpyA
calFree
trcatA
tCurrentDirectoryA
tWindowsDirectoryA
trlenA
tCurrentThread
tThreadPriority
tACP
tComputerNameA
tDiskFreeSpaceA
tVersionExA
tSystemInfo
obalMemoryStatus
tSystemDirectoryA
pyFileA
itProcess
leteFileA
calAlloc
BadWritePtr
apReAlloc
leTimeToLocalFileTime
apFree
tCPInfo
tEnvironmentStrings
tEnvironmentStringsW
eeEnvironmentStringsA
handledExceptionFilter
eeEnvironmentStringsW
MapStringA
deCharToMultiByte
MapStringW
rtualAlloc
rtualFree
ltiByteToWideChar
apDestroy
iteFile
apCreate
mpareStringW
mpareStringA
tEndOfFile
tStringTypeW
tStringTypeA
tTimeZoneInformation
tEnvironmentVariableA
nExec
eateFileA
ushFileBuffers
tStdHandle
lUnwind
tFileType
tStdHandle
tHandleCount
tOEMCP
apAlloc
tModuleHandleA
eateDirectoryA
ndFirstFileA
ndNextFileA
leTimeToSystemTime
tVersion
tCommandLineA
adFile
tStartupInfoA
tCurrentProcess
tFilePointer
oseHandle
rminateProcess
user32
gisterClassA
eateWindowExA
ndMessageA
stQuitMessage
tMessageA
spatchMessageA
anslateMessage
ndWindowA
tTimer
tParent
tDesktopWindow
umChildWindows
llTimer
tClassNameA
tWindowLongA
fWindowProcA
advapi32
gQueryValueExA
gOpenKeyExA
gDeleteValueA
gCreateKeyA
tUserNameA
gSetValueExA
wsock32
inet_addr
WSAStartup
WSAIsBlocking
WSACancelBlockingCall
WSACleanup
getservbyname
htons
socket
connect
gethostbyname
select
closesocket
recv
WSAGetLastError
inet_ntoa
ioctlsocket
send
Sections
.avp Size: 56KB - Virtual size: 60KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.avp Size: 2KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.avp Size: 16KB - Virtual size: 276KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.avp Size: 5KB - Virtual size: 8KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE