2c9ba001fddc74ed6861ba2b21f57bb3_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

2c9ba001fddc74ed6861ba2b21f57bb3_JaffaCakes118
Size

34KB
MD5

2c9ba001fddc74ed6861ba2b21f57bb3
SHA1

3caede5ea776cfd92438810b50df626f37b43bb8
SHA256

62fcdca5977dd032632fb09b00ce70da2521707a07ae68b83b3e09dc8bcc6421
SHA512

3b7b85d68c43f4506554c90fdabd8470a1899a279c53b28a8470bf253a76729d3dcf53c61be377cc52a76cef24adb30d552131935d17b9026aea1a6072f09aed
SSDEEP

768:sevKFo9OkkhNLUWd4jJxMFP9cL6eYl5z7x/zs3L:sevKF0XQNbd8JCFFe0x9zs3L

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2c9ba001fddc74ed6861ba2b21f57bb3_JaffaCakes118

Files

2c9ba001fddc74ed6861ba2b21f57bb3_JaffaCakes118
.exe windows:4 windows x86 arch:x86

5e9f8d764192a2147e699d9ffab23c0f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CreateStreamOnHGlobal
CoTaskMemFree

kernel32

lstrcpynA
lstrlenA
lstrlenW
CloseHandle
CompareStringA
CopyFileA
CreateDirectoryA
lstrcpyA
lstrcmpiA
lstrcmpA
lstrcatA
WriteFile
WideCharToMultiByte
UnmapViewOfFile
Sleep
SetFilePointer
CreateFileA
CreateFileMappingA
CreateThread
CreateToolhelp32Snapshot
DeleteFileA
RtlMoveMemory
RemoveDirectoryA
ReadFile
Process32Next
Process32First
OpenProcess
MultiByteToWideChar
MoveFileA
MapViewOfFile
LocalFree
LocalAlloc
LoadLibraryA
GlobalMemoryStatus
GlobalFree
GlobalAlloc
GetWindowsDirectoryA
GetVolumeInformationA
GetVersionExA
GetTempPathA
GetSystemDirectoryA
GetProcAddress
GetPrivateProfileStringA
GetPrivateProfileSectionNamesA
GetPrivateProfileIntA
GetModuleFileNameA
GetLogicalDrives
GetLocaleInfoA
GetLocalTime
GetFileSize
GetFileAttributesA
GetDriveTypeA
GetDiskFreeSpaceA
GetCurrentDirectoryA
GetComputerNameA
FindNextFileA
FindFirstFileA
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
ExitThread
ExitProcess

user32

wsprintfA
GetDC
ReleaseDC

advapi32

RegCreateKeyA
RegCloseKey
RegSetValueExA
RegQueryValueExA
RegOpenKeyA
RegEnumValueA
RegEnumKeyExA
GetUserNameA

shlwapi

StrChrA
StrRChrA
StrCmpNA
StrStrIA

shell32

ShellExecuteA

wsock32

socket
shutdown
send
recv
listen
inet_addr
htons
getsockname
gethostname
gethostbyname
connect
closesocket
accept
WSAStartup
WSACleanup
bind

ws2_32

WSAIoctl

rasapi32

RasGetEntryPropertiesA
RasGetEntryDialParamsA
RasEnumEntriesA

gdi32

GetDeviceCaps

Sections

.PECO
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.PKLITE
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.lcc
Size: 4KB - Virtual size: 5.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.nfo
Size: 449B - Virtual size: 449B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

5e9f8d764192a2147e699d9ffab23c0f

Headers

File Characteristics

Imports

ole32

kernel32

user32

advapi32

shlwapi

shell32

wsock32

ws2_32

rasapi32

gdi32

Sections

.PECO Size: 26KB - Virtual size: 25KB

.PKLITE Size: 3KB - Virtual size: 2KB

.lcc Size: 4KB - Virtual size: 5.2MB

.nfo Size: 449B - Virtual size: 449B

.PECO
Size: 26KB - Virtual size: 25KB

.PKLITE
Size: 3KB - Virtual size: 2KB

.lcc
Size: 4KB - Virtual size: 5.2MB

.nfo
Size: 449B - Virtual size: 449B