34f51ded60c8620996bc9fc5cbfa1a37_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

34f51ded60c8620996bc9fc5cbfa1a37_JaffaCakes118
Size

20KB
MD5

34f51ded60c8620996bc9fc5cbfa1a37
SHA1

f5e583370342f1400842eeacfce8e545b52dedae
SHA256

9944d35e550fee8daae702bcc8482a946ea6eb0f7fcb3adfb29a5634865b6c4c
SHA512

f4bc958231fe2371d305981e8bd455c80a9414139bca55cf59e73d802c095eaf67da0c3e617b0f4b786c1d1e86e41b1650808fe2040dda6030eb890189e58dfa
SSDEEP

384:+FVhauVXjAezJtsf3Z8qczVJcNuPy/JvUHUgwoeamxGWTEP61UGH3:+F+ul3VtY8qchiNAyh8HUvoeVxjTEP8T

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
34f51ded60c8620996bc9fc5cbfa1a37_JaffaCakes118

Files

34f51ded60c8620996bc9fc5cbfa1a37_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f2f0fe2c4b8d89951016c781612220b2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Process32First
CreateToolhelp32Snapshot
lstrcpyA
lstrcatA
GetSystemDirectoryA
TerminateProcess
ResumeThread
SetThreadContext
WriteProcessMemory
VirtualAllocEx
GetProcAddress
GetModuleHandleA
lstrcmpiA
OpenProcess
LoadLibraryA
ReadProcessMemory
GetThreadContext
lstrlenA
GetTickCount
GlobalMemoryStatus
GetVersionExA
GetSystemInfo
GetComputerNameA
SetSystemTime
GetSystemTime
GetLogicalDriveStringsA
GetStartupInfoA
GetShortPathNameA
DeleteFileA
Process32Next
GetDriveTypeA
GetDiskFreeSpaceExA
CreateFileA
WriteFile
CreatePipe
GetCurrentProcess
DuplicateHandle
CreateProcessA
CloseHandle
ReadFile
GetLastError
TerminateThread
MoveFileA
CopyFileA
WinExec
ExitThread
Sleep
GetModuleFileNameA
CreateThread

user32

MessageBoxA

gdi32

GetDeviceCaps
CreateDCA

advapi32

ChangeServiceConfigA
StartServiceA
ControlService
QueryServiceStatus
DeleteService
CreateServiceA
RegOpenKeyA
RegSetValueExA
OpenSCManagerA
RegConnectRegistryA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
CloseServiceHandle
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
GetUserNameA
OpenServiceA

psapi

EnumProcessModules
GetProcessMemoryInfo
GetModuleFileNameExA

wininet

InternetCloseHandle
InternetReadFile
InternetOpenUrlA
InternetOpenA
InternetGetConnectedState

ws2_32

setsockopt
WSAStartup
bind
listen
gethostbyname
inet_addr
htons
socket
connect
send
recv
closesocket
ioctlsocket
__WSAFDIsSet
select
ntohs
getsockname
getpeername
accept

iphlpapi

GetTcpTable
SetTcpEntry
GetIpAddrTable

msvcrt

_itoa
_controlfp
_ltoa
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
??1type_info@@UAE@XZ
??3@YAXPAX@Z
_strdate
??2@YAPAXI@Z
__CxxFrameHandler
_chdir
_findfirst
_findnext
fread
ftell
fseek
_snprintf
fopen
fwrite
fclose
malloc
strncmp
atoi
strcpy
strtok
strstr
strlen
strcat
sprintf
memset
strcmp
atol
free
memcpy
strncpy

Sections

.text
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f2f0fe2c4b8d89951016c781612220b2

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

psapi

wininet

ws2_32

iphlpapi

msvcrt

Sections

.text Size: 14KB - Virtual size: 14KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 1024B - Virtual size: 2KB

.text
Size: 14KB - Virtual size: 14KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 1024B - Virtual size: 2KB