38ab72d059e1700cae21e4edc5ba64de_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

38ab72d059e1700cae21e4edc5ba64de_JaffaCakes118
Size

28KB
MD5

38ab72d059e1700cae21e4edc5ba64de
SHA1

9a7eef939bc60985df8fda277a30dfa9dd13ef56
SHA256

c3f3500593e8850fb3b20b23103adf9baef9ada26b4bfe997a15eca824d3e284
SHA512

43536e34a2523906c1dfa11d40f5d8084c73e9367f42cc9b7c30d6e49722f245e1e5c51686005235f90ccf13e3b24010bd0c0a3d0b379a89d7ce49697c472fa3
SSDEEP

768:r5JdUCLNKCC9seOA4gNjmll2Ptm9oBprTOcrnI1:tUYNS4lM2oBFrnI1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
38ab72d059e1700cae21e4edc5ba64de_JaffaCakes118

Files

38ab72d059e1700cae21e4edc5ba64de_JaffaCakes118
.exe windows:4 windows x86 arch:x86

4a9f2e75045ddac146492dba2e645a73

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTickCount
Sleep
GetSystemWindowsDirectoryA
GetSystemDirectoryA
VirtualQueryEx
ReadProcessMemory
GetThreadContext
CreateProcessA
TerminateProcess
ResumeThread
SetThreadContext
WriteProcessMemory
GetProcAddress
GetModuleHandleA
VirtualProtectEx
VirtualAllocEx
VirtualAlloc
lstrcatA
FreeLibrary
LoadLibraryA
SetFileAttributesA
GetModuleFileNameA
GetLastError
CloseHandle
ReleaseMutex
OpenMutexA
WinExec
GetTempPathA
GetCurrentProcess
CreateThread
SetThreadPriority
GetCurrentThread
SetPriorityClass
lstrcpyA
GetEnvironmentVariableA
GetShortPathNameA
WaitForSingleObject
ExitProcess
CreateMutexA
OutputDebugStringA
lstrlenA
CopyFileA
GlobalMemoryStatusEx
GetVersionExA
GetSystemDefaultUILanguage
LocalAlloc
RaiseException
InterlockedExchange
GetStartupInfoA

shell32

ShellExecuteA

ws2_32

__WSAFDIsSet
WSAIoctl
gethostname
send
recv
select
setsockopt
WSACleanup
WSASocketA
sendto
inet_addr
gethostbyname
socket
htons
connect
closesocket
WSAStartup
htonl

wininet

InternetReadFile
InternetCloseHandle
InternetOpenUrlA
InternetOpenA

msvcrt

_itoa
_controlfp
_strlwr
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
_XcptFilter
_exit
_except_handler3
strncmp
exit
strncpy
strcspn
rand
strstr
atoi
sprintf
strchr
srand
malloc
??2@YAPAXI@Z
fread
ftell
fseek
fclose
fopen

Sections

.text
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4a9f2e75045ddac146492dba2e645a73

Headers

File Characteristics

Imports

kernel32

shell32

ws2_32

wininet

msvcrt

Sections

.text Size: 19KB - Virtual size: 19KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 3KB - Virtual size: 3KB

.rsrc Size: 1KB - Virtual size: 1KB

.text
Size: 19KB - Virtual size: 19KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 1KB - Virtual size: 1KB