2f3d372c9684999f31a335e6653ee1c1_JaffaCakes118

General

Target

2f3d372c9684999f31a335e6653ee1c1_JaffaCakes118
Size

15KB
MD5

2f3d372c9684999f31a335e6653ee1c1
SHA1

b1ae63a87cf9ed4945605712bcd36021b9111f2c
SHA256

af9cf11ee5ca86dc049a9f6fe7bc51ca1b902075a86bce865f2bfc7fde871617
SHA512

ac5454e2e12ba268ca507bdfcfa382007d9d3fffe7f732aad79b28553dc23a30bf355cea84482c192870efa41bfdb1aa8b893e63b4465d47fc1ba96440276aaf
SSDEEP

384:RZtFLnYRJbeWBumjJ0UR6607chAmonD7/s3Oh:HtNnYOW7eGD07HRnDzs3Oh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2f3d372c9684999f31a335e6653ee1c1_JaffaCakes118

Files

2f3d372c9684999f31a335e6653ee1c1_JaffaCakes118
.exe windows:4 windows x86 arch:x86

4c88721f078a5b63663a0a7ae5f13f39

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CreateStreamOnHGlobal

kernel32

GlobalFree
FileTimeToLocalFileTime
CloseHandle
CompareStringA
CreateDirectoryA
CreateFileA
CreateFileMappingA
CreateThread
DeleteFileA
lstrlenA
lstrcpyA
lstrcmpiA
lstrcmpA
lstrcatA
WriteFile
UnmapViewOfFile
Sleep
SetFilePointer
RtlMoveMemory
RemoveDirectoryA
ReadFile
MoveFileA
MapViewOfFile
LocalFree
LocalAlloc
LoadLibraryA
FileTimeToSystemTime
GlobalAlloc
GetVolumeInformationA
GetProcAddress
GetModuleFileNameA
GetLogicalDrives
GetLocalTime
GetLastError
GetFileSize
GetFileAttributesA
GetCurrentProcess
GetComputerNameA
FindNextFileA
FindFirstFileA
FindClose
ExitProcess

user32

ReleaseDC
wsprintfA

oleaut32

SafeArrayCreateVector
SafeArrayUnaccessData
SafeArrayAccessData

advapi32

AdjustTokenPrivileges
GetUserNameA
LookupPrivilegeValueA
OpenProcessToken
RegCloseKey
RegEnumValueA
RegOpenKeyA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA

shlwapi

StrStrIA

shell32

ShellExecuteA

wsock32

send
recv
listen
htons
getsockname
socket
connect
closesocket
bind
accept
WSAStartup

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 150KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

4c88721f078a5b63663a0a7ae5f13f39

Headers

File Characteristics

Imports

ole32

kernel32

user32

oleaut32

advapi32

shlwapi

shell32

wsock32

Sections

.text Size: 9KB - Virtual size: 9KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 3KB - Virtual size: 150KB

.text
Size: 9KB - Virtual size: 9KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 3KB - Virtual size: 150KB