40b8d1dfbda862a2de15b996d6c9a36c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

40b8d1dfbda862a2de15b996d6c9a36c_JaffaCakes118
Size

34KB
MD5

40b8d1dfbda862a2de15b996d6c9a36c
SHA1

99107ab374d1c208169a8df58fdbbf9c5c6aef1a
SHA256

0dda2753191f414fde60463ad9223e5d7c128e1241b9e8c73ee35f44fa45f4bd
SHA512

5e8fa25e74b036f6ec8d796454009f7561aba46d2e558a050224a0321430d4f8b609d83eb38ada58eceed3dd6414d62960a0644f15cbe7daddbf705b3127e4fc
SSDEEP

768:8ao+vO0SDxEQ/R0GsQB4FUO4I309DiY3rPGW0/TaZg/l9Jb2:HG0SFvR0LkgUO4Ik9DicPGHlP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
40b8d1dfbda862a2de15b996d6c9a36c_JaffaCakes118

Files

40b8d1dfbda862a2de15b996d6c9a36c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

ede18639cc316b39f2b5e3f969bf4625

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

gethostbyname
WSAStartup
ioctlsocket
WSACleanup

shlwapi

SHDeleteKeyA

kernel32

lstrcatA
WritePrivateProfileStringA
GetPrivateProfileSectionNamesA
GetProcAddress
LoadLibraryA
GetFileAttributesA
Sleep
UnmapViewOfFile
DeleteFileA
WinExec
lstrcmpA
FreeLibrary
lstrcpynA
GetTickCount
GetCurrentThreadId
CloseHandle
PulseEvent
OpenEventA
MapViewOfFileEx
CreateFileMappingA
VirtualAlloc
VirtualFree
VirtualProtect
SetThreadContext
FlushInstructionCache
VirtualProtectEx
GetThreadContext
GetExitCodeThread
ResumeThread
OpenProcess
CreateProcessA
SetLastError
GetVersionExA
VirtualAllocEx
IsBadReadPtr
GetModuleHandleA
OpenFile
CreateEventA
WaitForSingleObject
SetFileTime
GetFileTime
CreateFileA
GetSystemDirectoryA
GetTempPathA
GetWindowsDirectoryA
CreateThread
CopyFileA
GetTempFileNameA
GetFileSize
MapViewOfFile
RemoveDirectoryA
ExitProcess
SetEvent
ExitThread
ResetEvent
WaitForSingleObjectEx
GetModuleFileNameA
GetCurrentProcessId
OutputDebugStringA
GetCurrentProcess
HeapAlloc
lstrlenA
HeapReAlloc
GetLastError
lstrcpyA
HeapFree
GetProcessHeap
lstrcmpiA
DuplicateHandle

user32

TranslateMessage
wsprintfA
wvsprintfA
GetMessageA
GetDesktopWindow
DispatchMessageA
MessageBoxA

advapi32

RegQueryValueExA
RegDeleteValueA
RegCreateKeyExA
RegEnumValueA
RegEnumKeyExA
RegOpenKeyExA
RegQueryInfoKeyA
RegSetValueExA
GetTokenInformation
OpenProcessToken
AdjustTokenPrivileges
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegCloseKey

shell32

ShellExecuteA
SHGetSpecialFolderPathA

wininet

FindNextUrlCacheEntryA
FindFirstUrlCacheEntryA
FindCloseUrlCache

Exports

Exports

__r@4
__w@4
_s

Sections

.text
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ede18639cc316b39f2b5e3f969bf4625

Headers

File Characteristics

Imports

wsock32

shlwapi

kernel32

user32

advapi32

shell32

wininet

Exports

Exports

Sections

.text Size: 30KB - Virtual size: 29KB

.reloc Size: 3KB - Virtual size: 2KB

Size: 512B - Virtual size: 4KB

.text
Size: 30KB - Virtual size: 29KB

.reloc
Size: 3KB - Virtual size: 2KB