4091a17062e3ce6c32a5ba5ef14e32e9_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4091a17062e3ce6c32a5ba5ef14e32e9_JaffaCakes118
Size

28KB
MD5

4091a17062e3ce6c32a5ba5ef14e32e9
SHA1

3cc52ae939d8a7bd6037c2f131eab310497659a8
SHA256

5d38cc4a99849203efa6c32cbd16124d7907e9f5853b3f079b33c5d566dacefc
SHA512

16051357ead63a91ffcb4b1cd53412c84510c8d6f1954a0c36aa03cb4a90c73a975e94556e065a0da9278dd2fde7d200cafac05b3250753cec83a59f177a790f
SSDEEP

768:r5JdUCLNKCC9seOA4gNjmll2Ptm9oBprTOcrnBg1:tUYNS4lM2oBFrnBg1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4091a17062e3ce6c32a5ba5ef14e32e9_JaffaCakes118

Files

4091a17062e3ce6c32a5ba5ef14e32e9_JaffaCakes118
.exe windows:4 windows x86 arch:x86

4a9f2e75045ddac146492dba2e645a73

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTickCount
Sleep
GetSystemWindowsDirectoryA
GetSystemDirectoryA
VirtualQueryEx
ReadProcessMemory
GetThreadContext
CreateProcessA
TerminateProcess
ResumeThread
SetThreadContext
WriteProcessMemory
GetProcAddress
GetModuleHandleA
VirtualProtectEx
VirtualAllocEx
VirtualAlloc
lstrcatA
FreeLibrary
LoadLibraryA
SetFileAttributesA
GetModuleFileNameA
GetLastError
CloseHandle
ReleaseMutex
OpenMutexA
WinExec
GetTempPathA
GetCurrentProcess
CreateThread
SetThreadPriority
GetCurrentThread
SetPriorityClass
lstrcpyA
GetEnvironmentVariableA
GetShortPathNameA
WaitForSingleObject
ExitProcess
CreateMutexA
OutputDebugStringA
lstrlenA
CopyFileA
GlobalMemoryStatusEx
GetVersionExA
GetSystemDefaultUILanguage
LocalAlloc
RaiseException
InterlockedExchange
GetStartupInfoA

shell32

ShellExecuteA

ws2_32

__WSAFDIsSet
WSAIoctl
gethostname
send
recv
select
setsockopt
WSACleanup
WSASocketA
sendto
inet_addr
gethostbyname
socket
htons
connect
closesocket
WSAStartup
htonl

wininet

InternetReadFile
InternetCloseHandle
InternetOpenUrlA
InternetOpenA

msvcrt

_itoa
_controlfp
_strlwr
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
_XcptFilter
_exit
_except_handler3
strncmp
exit
strncpy
strcspn
rand
strstr
atoi
sprintf
strchr
srand
malloc
??2@YAPAXI@Z
fread
ftell
fseek
fclose
fopen

Sections

.text
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4a9f2e75045ddac146492dba2e645a73

Headers

File Characteristics

Imports

kernel32

shell32

ws2_32

wininet

msvcrt

Sections

.text Size: 19KB - Virtual size: 19KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 3KB - Virtual size: 3KB

.rsrc Size: 1KB - Virtual size: 1KB

.text
Size: 19KB - Virtual size: 19KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 1KB - Virtual size: 1KB