30f774eb84a8ec9773d6238810abce29_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

30f774eb84a8ec9773d6238810abce29_JaffaCakes118
Size

74KB
MD5

30f774eb84a8ec9773d6238810abce29
SHA1

e7ab48e51128936b77ac1ac93335567582bca6cf
SHA256

8dfd63ba65ea85dd2125d803e18fa3a689e531a9e896d49b7a714f6dedb512e4
SHA512

90917e6bd86bd5eff00e16db3f7b5967a3de910f2836d270eff82bc3c27ae3c5b615ee94427f72928b869ad3e33a2db6e086d0f16651d5b4b4ada18d05cbc67a
SSDEEP

1536:JcKQZXpJWrIH8EjBwcoHuRDTWOYJGKr3dWTHO6VIb+xo014:GXu4jCARDTWJEKr3dWTuKxoF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
30f774eb84a8ec9773d6238810abce29_JaffaCakes118

Files

30f774eb84a8ec9773d6238810abce29_JaffaCakes118
.exe windows:4 windows x86 arch:x86

17c94c756f8f0ed571416fc69830dc68

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Module32First
Process32First
CreateToolhelp32Snapshot
TerminateProcess
OpenProcess
Sleep
DeleteFileA
CreateMutexA
CopyFileA
CreateDirectoryA
GetWindowsDirectoryA
CreateThread
MoveFileExA
MoveFileA
GetFileSize
GlobalMemoryStatus
GetVersionExA
GetComputerNameA
Process32Next
HeapAlloc
GetProcessHeap
GetCurrentProcessId
GetCurrentThreadId
SetStdHandle
GetOEMCP
GetACP
GetCPInfo
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
LoadLibraryA
GetProcAddress
FreeLibrary
GetCurrentProcess
GetModuleFileNameA
lstrcpyA
lstrcatA
CreateFileA
WriteFile
ReadFile
WinExec
ExitProcess
SetFileAttributesA
FindFirstFileA
FileTimeToLocalFileTime
FileTimeToSystemTime
GetLastError
FindNextFileA
FindClose
GetDriveTypeA
CreatePipe
GetStartupInfoA
GetSystemDirectoryA
CreateProcessA
CloseHandle
GetTickCount
MultiByteToWideChar
SetFilePointer
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
HeapSize
HeapCreate
HeapDestroy
GetEnvironmentVariableA
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapReAlloc
HeapFree
RtlUnwind
GetModuleHandleA
GetCommandLineA
GetVersion
FlushFileBuffers

user32

ExitWindowsEx
GetSystemMetrics
SetThreadDesktop
OpenDesktopA
SetProcessWindowStation
OpenWindowStationA
GetThreadDesktop
GetProcessWindowStation
CloseDesktop
CloseWindowStation
wsprintfA

advapi32

QueryServiceStatus
LookupPrivilegeValueA
OpenProcessToken
SetServiceStatus
RegisterServiceCtrlHandlerA
RegRestoreKeyA
RegOpenKeyExA
CloseServiceHandle
ControlService
ChangeServiceConfigA
StartServiceCtrlDispatcherA
StartServiceA
OpenSCManagerA
OpenServiceA
AdjustTokenPrivileges

gdi32

DeleteDC
GetDIBits
BitBlt
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
CreateDCA
DeleteObject

shell32

SHGetFileInfoA
ShellExecuteA

ws2_32

sendto
WSASocketA
send
gethostbyname
inet_addr
shutdown
recv
closesocket
connect
socket
htons
WSAStartup
htonl
setsockopt

Sections

.text
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

17c94c756f8f0ed571416fc69830dc68

Headers

File Characteristics

Imports

kernel32

user32

advapi32

gdi32

shell32

ws2_32

Sections

.text Size: 44KB - Virtual size: 43KB

.rdata Size: 9KB - Virtual size: 8KB

.data Size: 20KB - Virtual size: 25KB

.text Size: 512B - Virtual size: 512B

.text
Size: 44KB - Virtual size: 43KB

.rdata
Size: 9KB - Virtual size: 8KB

.data
Size: 20KB - Virtual size: 25KB

.text
Size: 512B - Virtual size: 512B