38d27cf063d2cb430cb5a3bc5546c967_JaffaCakes118

General

Target

38d27cf063d2cb430cb5a3bc5546c967_JaffaCakes118
Size

40KB
MD5

38d27cf063d2cb430cb5a3bc5546c967
SHA1

3acdce907ec2afb477a30d9e11ccd5286983e88b
SHA256

8516dd0651cd9b1b2688dcb54fa6f5984c16889b5174d1ce61593c22edfb6569
SHA512

e443b1d00c501dfd7e4bfffa242345b966d70f5adf9cf16e45a08cc76a952c972e0a72ee752f4f361fabd6b6274e0ec82459e6d7c6936375a21312bd0eeb5d09
SSDEEP

768:rExsNSSqaejc8lu2Rjs9J/0HWCzwQvizv9NH9XRV7NDiMB1WqpNkQI16U5XwjrKs:wLSeAuerI1/AjjOvY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
38d27cf063d2cb430cb5a3bc5546c967_JaffaCakes118

Files

38d27cf063d2cb430cb5a3bc5546c967_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a4c1695774f66bf6c9acf71622492cc6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileA
GetModuleHandleA
GetModuleFileNameA
CreateRemoteThread
OpenProcess
lstrlenA
SetFilePointer
TerminateThread
WriteFile
Process32Next
Process32First
CreateToolhelp32Snapshot
TerminateProcess
ExitThread
GetComputerNameA
GlobalMemoryStatus
GetVersionExA
GetCurrentProcessId
VirtualFree
VirtualAlloc
GetPriorityClass
ResumeThread
CloseHandle
CreateProcessA
DeleteFileA
LoadLibraryA
GetProcAddress
GetTickCount
GetTempPathA
GetStdHandle
SetConsoleTextAttribute
CreateMutexA
Sleep
GetLastError
lstrcmpiA
ExitProcess
CreateThread
GetCurrentProcess
SetLastError

user32

GetActiveWindow
DispatchMessageA
SetKeyboardState
CallNextHookEx
PeekMessageA
SetWindowsHookExA
UnhookWindowsHookEx
GetWindowTextA
GetMessageA
ToAscii
GetKeyboardState
GetKeyNameTextA
wsprintfA

advapi32

RegCreateKeyExA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegDeleteValueA
OpenServiceA
CloseServiceHandle
OpenSCManagerA
DeleteService
ControlService
GetUserNameA
RegCloseKey

shell32

ShellExecuteA

msvcrt

fopen
fread
fclose
srand
rand
sprintf
printf
strstr
atoi
strncpy
strtok

shlwapi

PathStripPathA

wininet

InternetGetConnectedStateEx
InternetGetConnectedState

ws2_32

WSAEnumNetworkEvents
WSAWaitForMultipleEvents
recv
connect
WSAEventSelect
WSACreateEvent
socket
htons
gethostbyname
WSAStartup
getsockname
gethostname
inet_ntoa
WSAResetEvent
bind
WSAIoctl
WSASocketA
accept
listen
setsockopt
sendto
recvfrom
closesocket
WSACloseEvent
send
getpeername
ntohs
shutdown

Sections

.data
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a4c1695774f66bf6c9acf71622492cc6

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

msvcrt

shlwapi

wininet

ws2_32

Sections

.data Size: 31KB - Virtual size: 31KB

.rsrc Size: 8KB - Virtual size: 7KB

.data
Size: 31KB - Virtual size: 31KB

.rsrc
Size: 8KB - Virtual size: 7KB