35f5acb361c95e53e28279fdd3f32032_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

35f5acb361c95e53e28279fdd3f32032_JaffaCakes118
Size

15KB
MD5

35f5acb361c95e53e28279fdd3f32032
SHA1

7333af4e44a2f4573bf75107f2ac3939dc9cf955
SHA256

d8edcf5d278bbe7f4a50f7316ad05384cbb240a5fa1e2e68304449e0f96646e7
SHA512

9103d19a0ff3938789a492f40a9ba22bf21c69adc2c83ea9b864177f21eaa4d941633142f3443aec3057a0c57d8d4232df37bde7fec23649a4602b47bd534404
SSDEEP

384:TE22z9IxQGWM1h0DsXfecnFcC3oeuh+x1kJWf8FfW:TE22z9IxVWq6sfTneWoexkjF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
35f5acb361c95e53e28279fdd3f32032_JaffaCakes118

Files

35f5acb361c95e53e28279fdd3f32032_JaffaCakes118
.exe windows:4 windows x86 arch:x86

67338782c1cc0c0b394afc3ed717cb4a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WaitForMultipleObjects
CreateThread
CreateProcessA
DuplicateHandle
GetCurrentProcess
ExitThread
ReadFile
PeekNamedPipe
GetVolumeInformationA
LeaveCriticalSection
EnterCriticalSection
WaitForSingleObject
SetFilePointer
TerminateProcess
CreateFileA
SetEvent
WriteFile
DeleteCriticalSection
InitializeCriticalSection
CreateEventA
Process32Next
Process32First
CreateToolhelp32Snapshot
GetVersionExA
GetLastError
OpenProcess
GetModuleHandleA
Sleep
TerminateThread
DisconnectNamedPipe
CreatePipe
GetFileSize
CloseHandle
GetStartupInfoA

wininet

InternetOpenA
InternetSetCookieA
HttpSendRequestExA
InternetWriteFile
InternetConnectA
HttpOpenRequestA
HttpAddRequestHeadersA
HttpSendRequestA
HttpQueryInfoA
InternetCloseHandle
InternetReadFile
HttpEndRequestA

msvcrt

_initterm
_controlfp
_except_handler3
srand
time
free
malloc
strncpy
sprintf
??3@YAXPAX@Z
??2@YAPAXI@Z
atoi
atof
_beginthread
_beginthreadex
strrchr
strncmp
_ftol
_exit
_XcptFilter
exit
_acmdln
__getmainargs
rand
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type

advapi32

AdjustTokenPrivileges
OpenProcessToken
LookupAccountSidA
GetTokenInformation
LookupPrivilegeValueA

urlmon

URLDownloadToFileA

ws2_32

WSACleanup
gethostbyname
WSAStartup
inet_ntoa

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 708B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

67338782c1cc0c0b394afc3ed717cb4a

Headers

File Characteristics

Imports

kernel32

wininet

msvcrt

advapi32

urlmon

ws2_32

Sections

.text Size: 9KB - Virtual size: 9KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 1024B - Virtual size: 708B

.rsrc Size: 1KB - Virtual size: 1KB

.text
Size: 9KB - Virtual size: 9KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 1024B - Virtual size: 708B

.rsrc
Size: 1KB - Virtual size: 1KB