Static task
static1
Behavioral task
behavioral1
Sample
36dec0d66a8930e821bfdb33336c4530_JaffaCakes118.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
36dec0d66a8930e821bfdb33336c4530_JaffaCakes118.exe
Resource
win10v2004-20240709-en
General
Target: 36dec0d66a8930e821bfdb33336c4530_JaffaCakes118
Size: 44KB
MD5: 36dec0d66a8930e821bfdb33336c4530
SHA1: 360ed34ef4bd9c5b3cbaae60ffb9801222c993a1
SHA256: f0bff93f52bfaab924315d428bd26c7dfacd7e5b7e2632f47aecee453058ad05
SHA512: fe18013fcb768b87cd091ebe57dd41c50bb1ee4b247c70c8cee97aade24c9b6920a269b31773e0817ea9ca64ac22cd789887d363d35a7274ba32f716c5ccb3b4
SSDEEP: 768:xENz1P8QWK6IPTxzA9UqwswbuqUcjNgOkVU2R01MuS3l7f/uWthzZqYKyLASVYxI:2r8i69t7SxSRS0JDMYSm
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 36dec0d66a8930e821bfdb33336c4530_JaffaCakes118
Files
36dec0d66a8930e821bfdb33336c4530_JaffaCakes118.exe windows:4 windows x86 arch:x86
ad7edc15958dd59ed0a3b1134381b922
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
CreateFileA
GetModuleHandleA
OpenProcess
GetModuleFileNameA
lstrlenA
SetFilePointer
WriteFile
GetCurrentProcess
Process32Next
Process32First
CreateToolhelp32Snapshot
TerminateProcess
LeaveCriticalSection
EnterCriticalSection
ExitThread
InitializeCriticalSection
DeleteCriticalSection
GetComputerNameA
GlobalMemoryStatus
GetVersionExA
GetFileSize
CloseHandle
CreateProcessA
DeleteFileA
LoadLibraryA
GetProcAddress
GetTickCount
GetTempPathA
GetStdHandle
SetConsoleTextAttribute
CreateMutexA
GetLastError
ExitProcess
CreateThread
Sleep
lstrcmpiA
TerminateThread
user32
ToAscii
GetKeyboardState
GetKeyNameTextA
wsprintfA
GetWindowTextA
CallNextHookEx
GetActiveWindow
DispatchMessageA
SetKeyboardState
GetMessageA
PeekMessageA
SetWindowsHookExA
UnhookWindowsHookEx
advapi32
OpenProcessToken
LookupPrivilegeValueA
RegCloseKey
RegCreateKeyExA
RegDeleteValueA
OpenServiceA
CloseServiceHandle
OpenSCManagerA
DeleteService
ControlService
GetUserNameA
AdjustTokenPrivileges
shell32
ShellExecuteA
msvcrt
printf
fopen
fread
fclose
sscanf
srand
rand
strtok
strncpy
atoi
sprintf
strstr
shlwapi
PathStripPathA
wininet
InternetGetConnectedStateEx
InternetGetConnectedState
ws2_32
send
WSACloseEvent
closesocket
shutdown
getpeername
WSAResetEvent
WSAEnumNetworkEvents
WSAWaitForMultipleEvents
recv
connect
WSAEventSelect
WSACreateEvent
socket
htons
gethostbyname
WSAStartup
getsockname
gethostname
inet_ntoa
select
ioctlsocket
inet_addr
htonl
ntohs
bind
WSAIoctl
WSASocketA
accept
listen
setsockopt
sendto
recvfrom
WSACleanup
Sections
.data Size: 40KB - Virtual size: 40KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ