3cfe2b21c1aeca65748f3dcac5c86bc2_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3cfe2b21c1aeca65748f3dcac5c86bc2_JaffaCakes118
Size

46KB
MD5

3cfe2b21c1aeca65748f3dcac5c86bc2
SHA1

6714e093438684f8e3eb8584b03347be15bc4ec5
SHA256

19730a36f1fa7d6c76fee1c2d6edf7a2db6bca9c0ec40d154fc7ac227e32c7be
SHA512

97747b97d29061a8a7715cab7d600234cfc6c1fa98921aa488032276872de13a675e3bf3633e4e505ec1fbfec62a43a6acaa5221ac67ee442ff3c9a99db02fd0
SSDEEP

768:iu6rg8+UAq4OwSRNFdv7QuhQ0KTM/0V6xTXek96bzVDQ95yi7sQshvWJiyX8O7pB:iu6e8qQspWsyXz+FK1DBRSQt0evCq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3cfe2b21c1aeca65748f3dcac5c86bc2_JaffaCakes118

Files

3cfe2b21c1aeca65748f3dcac5c86bc2_JaffaCakes118
.exe windows:4 windows x86 arch:x86

70fbfbfd2e9c9d8f9f53fb36549ec897

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

memcpy
??3@YAXPAX@Z
??2@YAPAXI@Z
fopen
fgets
fclose
fprintf
exit
toupper
_ftol
ceil
getenv
strcmp
strncpy
_beginthread
strstr
srand
rand
_snprintf
memset
_vsnprintf
strncat
strlen

kernel32

FreeLibrary
LoadLibraryA
GetProcAddress
VirtualAllocEx
WriteProcessMemory
CreateRemoteThread
OpenProcess
TerminateProcess
lstrcmpiA
GetLogicalDriveStringsA
GetDriveTypeA
lstrcatA
CreateDirectoryA
CreateFileA
WriteFile
WinExec
GetComputerNameA
GetLocaleInfoA
GetTickCount
Sleep
WaitForSingleObject
CreateMutexA
GetLastError
CopyFileA
SetFileAttributesA
SetErrorMode
GetCurrentProcessId
ExitProcess
GetSystemDirectoryA
GetModuleFileNameA
GetModuleHandleA
GetTempPathA
QueryPerformanceFrequency
QueryPerformanceCounter
GetVersionExA
SetProcessPriorityBoost
SetThreadPriority
GetCurrentThread
SetPriorityClass
GetCurrentProcess
MoveFileExA
GetEnvironmentVariableA
GetShortPathNameA
lstrlenA
Process32Next
Process32First
CreateToolhelp32Snapshot
CloseHandle

user32

FindWindowA
GetWindowThreadProcessId

ws2_32

recv
gethostbyname
connect
closesocket
send
inet_addr
htons
WSAStartup
socket

urlmon

URLDownloadToFileA

shell32

ShellExecuteExA
ShellExecuteA
SHChangeNotify

advapi32

RegCloseKey
RegSetValueExA
RegCreateKeyExA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
GetUserNameA

ntdll

NtQuerySystemInformation
ZwSystemDebugControl

shlwapi

SHDeleteKeyA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

70fbfbfd2e9c9d8f9f53fb36549ec897

Headers

File Characteristics

Imports

msvcrt

kernel32

user32

ws2_32

urlmon

shell32

advapi32

ntdll

shlwapi

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 19KB - Virtual size: 19KB

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 19KB - Virtual size: 19KB