37b5d939400e235d60cfb570b5a9b764_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

37b5d939400e235d60cfb570b5a9b764_JaffaCakes118
Size

21KB
MD5

37b5d939400e235d60cfb570b5a9b764
SHA1

251a50909d80adb27845ce4a189bcf716fcb1838
SHA256

7656f7141f989731b5c94f80f683d08663d59e9b254f3e7cd5bac5ee273139f4
SHA512

9b88191c5c92046b546f535441ab7de1d5ebad42ec8f9ad166cdc8dbb20bdbaa30c303135005da1dd7418a92a3fc4f04d9e5ae5951dfc45d6d7b65de9b350bbb
SSDEEP

384:gRa9ocCD/kvrhFg/fEGqr66YG7IYNrjg1o6qFt2ORHAXX25vRDSZbxZ:gR+onQrhOfp/G7TNI1oTKcHoGVFSZD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
37b5d939400e235d60cfb570b5a9b764_JaffaCakes118

Files

37b5d939400e235d60cfb570b5a9b764_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b50f3541a0a453d45397f090fcb51b99

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

sscanf
fread
fopen
sprintf
fclose
strtoul
_access
mbstowcs
strncat
wcslen
wcscpy
malloc
free
strstr
_snprintf
rand
vsprintf
srand
strncpy
strtok
atoi

kernel32

GetFileAttributesA
DeleteFileA
MultiByteToWideChar
WriteFile
CreateThread
Sleep
CreateMutexA
SetFileAttributesA
CopyFileA
GetSystemDirectoryA
GetModuleFileNameA
GetModuleHandleA
ExitProcess
GetProcAddress
LoadLibraryA
GetTickCount
lstrcmpA
GetLocaleInfoA
GetLastError
CloseHandle
WaitForSingleObject
lstrcmpiA
OpenProcess
ExitThread
LocalFree
LocalAlloc
CreateProcessA
WinExec
GetEnvironmentVariableA
lstrcatA
lstrcpyA
MoveFileExA
GetShortPathNameA
CreateFileA
lstrcpynA
lstrlenA
WideCharToMultiByte

user32

wsprintfA
FindWindowA

ws2_32

connect
getsockname
closesocket
select
socket
gethostbyname
WSAStartup
WSACleanup
htons
ioctlsocket
__WSAFDIsSet
recv
send
inet_addr
htonl
accept
setsockopt
bind
inet_ntoa
listen

advapi32

StartServiceCtrlDispatcherA
CloseServiceHandle
EnumServicesStatusA
OpenSCManagerA
SetServiceStatus
RegisterServiceCtrlHandlerA
ImpersonateLoggedOnUser
OpenProcessToken
CreateServiceA
StartServiceA
OpenServiceA
UnlockServiceDatabase
ChangeServiceConfig2A
QueryServiceLockStatusA
LockServiceDatabase
DeleteService

shell32

ShellExecuteA

urlmon

URLDownloadToFileA

mpr

WNetAddConnection2A
WNetCancelConnection2A

netapi32

NetUserEnum
NetRemoteTOD
NetScheduleJobAdd
NetApiBufferFree

psapi

EnumProcessModules
EnumProcesses
GetModuleBaseNameA

Sections

.bss
Size: - Virtual size: 82B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b50f3541a0a453d45397f090fcb51b99

Headers

File Characteristics

Imports

msvcrt

kernel32

user32

ws2_32

advapi32

shell32

urlmon

mpr

netapi32

psapi

Sections

.bss Size: - Virtual size: 82B

.data Size: 20KB - Virtual size: 19KB

.bss
Size: - Virtual size: 82B

.data
Size: 20KB - Virtual size: 19KB