30498b8c26f3f4ba10db2300fd3f95d8_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

30498b8c26f3f4ba10db2300fd3f95d8_JaffaCakes118
Size

37KB
MD5

30498b8c26f3f4ba10db2300fd3f95d8
SHA1

8da2d295892a0b91fdf171d403452713da306421
SHA256

19720f94a3fcfa41f997d4b0da6d9b7f35ebeeb9003b64f523251bdbe2bd619b
SHA512

813cc1d4395a5209dbf80b0d14861f530aadb0284f235fae4b1715ca67745c2c020b167fb49bda94c75afd219291b1678799162e517047557c5a753a4e73d1d2
SSDEEP

768:7c59P+ZbdXr+vOoC+1+jEVwJiY6EIlVGWy9p6wmfWRC9wJI0lWY9pjti8C9n:7dUkIaj6wmOR2kVV9t3k

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
30498b8c26f3f4ba10db2300fd3f95d8_JaffaCakes118

Files

30498b8c26f3f4ba10db2300fd3f95d8_JaffaCakes118
.exe windows:4 windows x86 arch:x86

2faca031a47a46a13fd01345b5ac1047

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateThread
GetLastError
CopyFileA
SetFileAttributesA
GetFileAttributesA
lstrcmpiA
GetTempPathA
GetModuleFileNameA
GetModuleHandleA
CreateProcessA
ExitProcess
WriteFile
CreateFileA
ExpandEnvironmentStringsA
ExitThread
GlobalUnlock
GlobalLock
lstrlenA
CreateDirectoryA
lstrcatA
GetDriveTypeA
GetLogicalDriveStringsA
CreateMutexA
SetErrorMode
IsBadCodePtr
SetUnhandledExceptionFilter
RaiseException
LocalFree
ReadFile
SetEndOfFile
LoadLibraryA
GetProcAddress
GetOEMCP
GetACP
GetCPInfo
GetStringTypeW
CloseHandle
Sleep
GetVersionExA
GetLocaleInfoA
GlobalAlloc
GetTickCount
GetStringTypeA
FlushFileBuffers
SetStdHandle
SetFilePointer
RtlUnwind
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
LCMapStringW
LCMapStringA
MultiByteToWideChar
WideCharToMultiByte
HeapReAlloc
VirtualAlloc
HeapFree
VirtualFree
HeapCreate
HeapAlloc
GetStartupInfoA
GetCommandLineA
GetVersion
HeapDestroy

user32

SetClipboardData
FindWindowA
OpenClipboard
GetForegroundWindow
BlockInput
EmptyClipboard
keybd_event
VkKeyScanA
SetFocus
ShowWindow
SetForegroundWindow
wsprintfA
CloseClipboard

advapi32

RegDeleteKeyA
RegCreateKeyA
RegCloseKey
RegCreateKeyExA
RegSetValueExA
RegOpenKeyA

shell32

ShellExecuteA

ole32

CoInitialize
CoUninitialize
CoCreateInstance

oleaut32

VariantClear
VariantInit
SysAllocString

ws2_32

connect
recv
select
gethostbyname
inet_addr
closesocket
WSACleanup
WSAStartup
send
socket
htons

shlwapi

PathRemoveFileSpecA

urlmon

URLDownloadToFileA

Sections

.text
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

2faca031a47a46a13fd01345b5ac1047

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

ws2_32

shlwapi

urlmon

Sections

.text Size: 27KB - Virtual size: 27KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 4KB - Virtual size: 13KB

.text
Size: 27KB - Virtual size: 27KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 4KB - Virtual size: 13KB