3bfa7b806ff540cc1c264ec75048fbc4_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3bfa7b806ff540cc1c264ec75048fbc4_JaffaCakes118
Size

60KB
MD5

3bfa7b806ff540cc1c264ec75048fbc4
SHA1

f29a40d0035ac4c67aac2144ba1a23747da2b233
SHA256

03ba0e7f57353825249d01b983e76c1dbcb6b0a6e6f4180443f65ba7b84d62c5
SHA512

23368cda396199c188a6b0cc7555fa8422cc6d41a6bdafdec860dad5e057c0d0d36dd2b6194991b78e3bab6d5f6d058518d16654afdbf04a740048395e3a31ad
SSDEEP

768:f8v6MvfwPpe5cuvy5Di4nPloT4oXqs8SH1epHi84W3tgn+OVVZToP:Ev6tuca8SHopcehsoP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3bfa7b806ff540cc1c264ec75048fbc4_JaffaCakes118

Files

3bfa7b806ff540cc1c264ec75048fbc4_JaffaCakes118
.exe windows:4 windows x86 arch:x86

545d5af8d1fcb2cf743ce354d0b9ae78

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpyW
Process32FirstW
CreateToolhelp32Snapshot
OpenProcess
TerminateProcess
GetDiskFreeSpaceExW
GetDriveTypeW
FindClose
FindNextFileW
FindFirstFileW
lstrcatW
lstrlenW
GetFileSize
CreateFileW
ReadFile
CreateProcessA
MoveFileA
CreateDirectoryW
MultiByteToWideChar
lstrlenA
Process32NextW
WideCharToMultiByte
GetComputerNameW
GetVersionExW
GlobalMemoryStatus
CreateThread
CreateEventW
SetEvent
WriteFile
GetLastError
PeekNamedPipe
CreateProcessW
GetSystemDirectoryW
GetStartupInfoW
CreatePipe
GetCurrentProcess
IsBadWritePtr
HeapReAlloc
VirtualAlloc
CloseHandle
WaitForSingleObject
Sleep
lstrcpyA
GetTickCount
VirtualFree
LCMapStringW
LCMapStringA
SetEndOfFile
LoadLibraryA
GetProcAddress
HeapCreate
HeapDestroy
RaiseException
ExitProcess
GetOEMCP
GetACP
GetCPInfo
GetStringTypeW
GetVersion
GetStringTypeA
SetStdHandle
FlushFileBuffers
SetFilePointer
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
HeapSize
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetModuleFileNameA
LocalFree
RtlUnwind
HeapFree
HeapAlloc
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
UnhandledExceptionFilter

user32

GetDesktopWindow
wsprintfW
MessageBoxA

advapi32

RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegEnumKeyExW

shell32

ShellExecuteA
SHFileOperationW

ole32

CoInitialize
CoCreateInstance
CoUninitialize

oleaut32

SysAllocString
SysFreeString
SysStringLen
VariantClear

ws2_32

socket
htons
htonl
select
WSACleanup
inet_ntoa
closesocket
getpeername
ntohs
ntohl
WSACreateEvent
WSAStartup
gethostbyname
send
recv
connect
inet_addr

psapi

EnumProcessModules
GetModuleFileNameExW

Sections

.text
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

545d5af8d1fcb2cf743ce354d0b9ae78

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

ws2_32

psapi

Sections

.text Size: 49KB - Virtual size: 48KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 4KB - Virtual size: 10KB

.text
Size: 49KB - Virtual size: 48KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 4KB - Virtual size: 10KB