404b42e96c319f1d7e956310a7a7b026_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

404b42e96c319f1d7e956310a7a7b026_JaffaCakes118
Size

203KB
MD5

404b42e96c319f1d7e956310a7a7b026
SHA1

1cd721f55647a0fe89fbf3554922b24493919664
SHA256

4f357d7c2295c68e345576e7817fffde5113b6ff3d4bf32500e086ba5550756d
SHA512

87e5f763631e8b5f0ce4b30ed78ce704117c4935953edf1d9cb0bcdb7e29600cf6d3f4c23b69822874e923f4b7305eb509e56c16f6164e128905a8eb6020ae39
SSDEEP

768:h1kIZhwNXwPgaIgevX3GOG0ycxJQLYcSWFxD:hGXw4azevHGxduJQLYcSWFxD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
404b42e96c319f1d7e956310a7a7b026_JaffaCakes118

Files

404b42e96c319f1d7e956310a7a7b026_JaffaCakes118
.exe windows:4 windows x86 arch:x86

c9d4d60434565d6846ee46047ccb677b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CreateStreamOnHGlobal
CoTaskMemFree

kernel32

GetWindowsDirectoryA
GetDiskFreeSpaceA
GetDriveTypeA
CloseHandle
CreateFileA
CreateFileMappingA
CreateToolhelp32Snapshot
ExitProcess
lstrlenW
lstrlenA
lstrcpynA
FindClose
FindFirstFileA
FindNextFileA
GetComputerNameA
GetCurrentDirectoryA
lstrcpyA
lstrcmpiA
lstrcmpA
lstrcatA
WriteFile
WideCharToMultiByte
UnmapViewOfFile
Sleep
ReadFile
Process32Next
Process32First
OpenProcess
MultiByteToWideChar
MapViewOfFile
LocalFree
LocalAlloc
LoadLibraryA
GlobalMemoryStatus
GlobalFree
GlobalAlloc
GetFileSize
GetVolumeInformationA
GetVersionExA
GetTempPathA
GetSystemDirectoryA
GetProcAddress
GetPrivateProfileStringA
GetPrivateProfileSectionNamesA
GetPrivateProfileIntA
GetModuleFileNameA
GetLogicalDrives
GetLocaleInfoA
GetLocalTime
GetLastError
GetCurrentProcess

user32

ReleaseDC
GetDC
wsprintfA

oleaut32

SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayCreateVector

advapi32

GetUserNameA
RegEnumKeyExA
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegOpenKeyA
RegEnumValueA
LookupPrivilegeValueA
RegCloseKey
OpenProcessToken
AdjustTokenPrivileges

shlwapi

StrCmpNA
StrRChrA
StrChrA
StrStrIA

wsock32

socket
send
recv
gethostname
closesocket
WSAStartup

ws2_32

WSAIoctl

rasapi32

RasGetEntryDialParamsA
RasEnumEntriesA
RasGetEntryPropertiesA

gdi32

GetDeviceCaps

Sections

Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 185KB - Virtual size: 185KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.nah
Size: 256B - Virtual size: 256B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

c9d4d60434565d6846ee46047ccb677b

Headers

File Characteristics

Imports

ole32

kernel32

user32

oleaut32

advapi32

shlwapi

wsock32

ws2_32

rasapi32

gdi32

Sections

Size: 14KB - Virtual size: 14KB

Size: 2KB - Virtual size: 2KB

Size: 185KB - Virtual size: 185KB

.nah Size: 256B - Virtual size: 256B

.nah
Size: 256B - Virtual size: 256B