Static task: static1
Behavioral task: behavioral1
Sample: 35cfe664eac7dfc2a31fa9980fea8c12_JaffaCakes118.exe
Resource: win7-20240708-en
Behavioral task: behavioral2
Sample: 35cfe664eac7dfc2a31fa9980fea8c12_JaffaCakes118.exe
Resource: win10v2004-20240709-en
General
Target: 35cfe664eac7dfc2a31fa9980fea8c12_JaffaCakes118
Size: 83KB
MD5: 35cfe664eac7dfc2a31fa9980fea8c12
SHA1: 3ab71dc85f1b1dde8ab2dcf9cf37a4cc40646f6b
SHA256: 3f03b968003fbcec091f9c50c89fe546455dda1b3d1c9c32bd2cd67354a84beb
SHA512: 8239d4e62461ac4e0d73176c52afcedecb88fbb9367ec4405edfc1ee98673908d5c2eec1ff411f5fdd98c1ac1a332b0bbefb5e4821e022425c69a7f32bcc074d
SSDEEP: 1536:PaU2lPnYZRj2FAW9kzx2IQs1qU5FbJgn6:PaU2YSFSxrH1qU5Xgn6
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 35cfe664eac7dfc2a31fa9980fea8c12_JaffaCakes118
Files
35cfe664eac7dfc2a31fa9980fea8c12_JaffaCakes118.exe windows:4 windows x86 arch:x86
11d6df77771d9976b454f1a1083c8c0d
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
LoadLibraryA
GetProcAddress
FreeLibrary
FindFirstFileA
CopyFileA
FindNextFileA
CreateThread
lstrlenA
WinExec
GetModuleFileNameA
GetModuleHandleA
GetVersionExA
FormatMessageA
CreateFileA
WriteFile
CloseHandle
GetTickCount
GetSystemDirectoryA
FindClose
SetEnvironmentVariableA
GetVersion
GetCommandLineA
CompareStringA
FlushFileBuffers
SetStdHandle
GetOEMCP
GetACP
GetCPInfo
SetFilePointer
GetLastError
GetStringTypeW
GetStringTypeA
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
GetFileType
GetStdHandle
SetHandleCount
CompareStringW
Sleep
WideCharToMultiByte
RtlUnwind
HeapFree
HeapAlloc
ExitProcess
TerminateProcess
GetCurrentProcess
GetTimeZoneInformation
GetSystemTime
GetLocalTime
GetStartupInfoA
GetEnvironmentStringsW
VirtualFree
VirtualAlloc
MultiByteToWideChar
LCMapStringA
LCMapStringW
HeapDestroy
HeapCreate
FreeEnvironmentStringsW
HeapReAlloc
IsBadWritePtr
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
advapi32
RegDeleteValueA
RegOpenKeyExA
RegCreateKeyExA
RegQueryValueExA
RegCloseKey
RegSetValueExA
wsock32
bind
listen
send
gethostbyaddr
WSAStartup
inet_addr
gethostbyname
getsockname
inet_ntoa
WSACleanup
closesocket
__WSAFDIsSet
recv
ioctlsocket
select
socket
htons
sendto
connect
setsockopt
accept
Sections
code Size: 80KB - Virtual size: 80KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.avp Size: 2KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE