3b6404e9222c7e14b900a8303dce35a6_JaffaCakes118

General

Target

3b6404e9222c7e14b900a8303dce35a6_JaffaCakes118
Size

39KB
MD5

3b6404e9222c7e14b900a8303dce35a6
SHA1

30424e2aa44da046e91f117f36b9df9edf2e9ef6
SHA256

86b6362ff28e6fa01e4d465de6de5fc22c11a6ab1e6e96dfdbabaa62fbefb1c3
SHA512

fb79c7e0707d6dcd92e1a197ba1498b3a4b79002e7a1b45bfc0cda27fa7308e26c8f98be558f7c7f8d6e4628eb3830e549826b8a56fafc1aafae1384e96e86b0
SSDEEP

768:+l4eoQGWjKqor3WK8Qtg4GTT2CScuCT9oCsW:veoQNjK/rnE2oXoCsW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3b6404e9222c7e14b900a8303dce35a6_JaffaCakes118

Files

3b6404e9222c7e14b900a8303dce35a6_JaffaCakes118
.exe windows:4 windows x86 arch:x86

3c3eaf60135edcf324c33cf05474abd7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

getsockname
inet_addr
gethostbyname
WSACleanup
closesocket
recv
select
send
htons
socket
connect
WSAStartup

user32

FindWindowA
CharLowerA

advapi32

RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
GetUserNameA
RegDeleteKeyA

shlwapi

PathRemoveFileSpecA

shell32

ShellExecuteA

kernel32

GetACP
GetCPInfo
FlushFileBuffers
SetStdHandle
GetOEMCP
GetStringTypeA
MultiByteToWideChar
SetFilePointer
GetFileType
LoadLibraryA
SetEndOfFile
ReadFile
LCMapStringA
LCMapStringW
GetStringTypeW
WaitForSingleObject
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
CreateThread
Sleep
ReleaseMutex
GetTickCount
CreateMutexA
ExitThread
GetLastError
CopyFileA
SetFileAttributesA
GetFileAttributesA
lstrcmpiA
GetWindowsDirectoryA
GetModuleFileNameA
GetModuleHandleA
OpenMutexA
SetErrorMode
Process32Next
Process32First
CreateToolhelp32Snapshot
GetVersionExA
GetLocaleInfoA
TerminateThread
CloseHandle
CreateProcessA
ExitProcess
GetTempPathA
GetProcAddress
lstrlenA
DeleteFileA
WriteFile
CreateFileA
lstrcpynA
CreateDirectoryA
GetDriveTypeA
GetLogicalDriveStringsA
HeapAlloc
RtlUnwind
GetStartupInfoA
GetCommandLineA
GetVersion
HeapDestroy
HeapCreate
VirtualFree
HeapFree
VirtualAlloc
HeapReAlloc
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte

Sections

.text
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

3c3eaf60135edcf324c33cf05474abd7

Headers

File Characteristics

Imports

ws2_32

user32

advapi32

shlwapi

shell32

kernel32

Sections

.text Size: 30KB - Virtual size: 29KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 5KB - Virtual size: 13KB

.text
Size: 30KB - Virtual size: 29KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 5KB - Virtual size: 13KB