30bf071646543c84c74ebcc8546063e8_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

30bf071646543c84c74ebcc8546063e8_JaffaCakes118
Size

20KB
MD5

30bf071646543c84c74ebcc8546063e8
SHA1

95fd1b38c8863694a5ab0f884f579d49ca075714
SHA256

ac41bec716648f6b81ec871eff9474e61dc49aa6e8b84174b3e10c3764e42de3
SHA512

08612d29fa08eb586fe5033797720a36f7d0f97432e1d412db275e7001843bee5a6a5588c80718b324ade1b5945da29929cb069bc27cd0ff6f5ad4652e481a74
SSDEEP

384:EInmln2Crps9yRuZaxaWeHMR7PjIdcKHYMr2zMqaC7wWD+oVJWBp:Lni2AmyayaxMR7PjkcKy3aUwO+AJWT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
30bf071646543c84c74ebcc8546063e8_JaffaCakes118

Files

30bf071646543c84c74ebcc8546063e8_JaffaCakes118
.exe windows:4 windows x86 arch:x86

366fd49858dabe5d94cde99e453e28bf

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

atoi
_fullpath
_access
__CxxFrameHandler
_except_handler3
strcmp
strstr
strncpy
_vsnprintf
sscanf
??2@YAPAXI@Z
_itoa
fgets
memcpy
fopen
fseek
fclose
_snprintf
memset
??3@YAXPAX@Z

kernel32

WriteFile
LoadLibraryA
RaiseException
InterlockedExchange
LocalAlloc
FreeLibrary
GetProcAddress
GetTickCount
GetExitCodeThread
TerminateThread
CreateThread
CreateMutexA
GetTempPathA
GetFileSize
SetFilePointer
FlushFileBuffers
SetEndOfFile
FindFirstFileA
FindNextFileA
FindClose
RemoveDirectoryA
CreateDirectoryA
GetSystemDirectoryA
CreateFileA
GetShortPathNameA
lstrcpyA
lstrlenA
GetVersionExA
CreateProcessA
Sleep
CloseHandle
WaitForSingleObject
GetModuleHandleA
CreateEventA
SetEvent
OpenEventA
GetCommandLineA
lstrcatA
GetModuleFileNameA
GetLastError
lstrcmpiA
WritePrivateProfileStringA
GetPrivateProfileStringA
GetPrivateProfileIntA
GetPrivateProfileSectionA
WritePrivateProfileSectionA
GetWindowsDirectoryA
MoveFileExA
DeleteFileA
GetTempFileNameA
SetFileAttributesA
GetFileAttributesA

shlwapi

StrStrA
PathFindExtensionA
StrTrimA
PathFindFileNameA
SHDeleteValueA
SHGetValueA
SHSetValueA
StrStrIA
StrRChrA
StrChrA
PathRemoveFileSpecA

wininet

InternetGetConnectedState
InternetCrackUrlA

setupapi

SetupIterateCabinetA

ws2_32

send
recv
ioctlsocket
connect
select
closesocket
htons
gethostbyname
WSACleanup
WSAStartup
socket

shell32

SHGetSpecialFolderPathA

Sections

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

www.xjzh
Size: 512B - Virtual size: 520B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

366fd49858dabe5d94cde99e453e28bf

Headers

File Characteristics

Imports

msvcrt

kernel32

shlwapi

wininet

setupapi

ws2_32

shell32

Sections

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 15KB - Virtual size: 15KB

www.xjzh Size: 512B - Virtual size: 520B

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 15KB - Virtual size: 15KB

www.xjzh
Size: 512B - Virtual size: 520B