4344ebf93ae0ae33a8e05af1507c4c7a_JaffaCakes118

General

Target

4344ebf93ae0ae33a8e05af1507c4c7a_JaffaCakes118
Size

28KB
MD5

4344ebf93ae0ae33a8e05af1507c4c7a
SHA1

9f0ee808e05f46f91ff09851efae0666ca78edfa
SHA256

b090a2aa9d0708c19d44fa5864b01a1ac89b6841d3019152c84b654cc4aeb3fc
SHA512

c1331fa595834fa307a5d53781a1946daa073e9f1491efd55436ef283c5a10a2e59223ed34fa1f7df59104c71f53892ab634a155f4e51d77f236ddd32222d0a4
SSDEEP

384:rZ6MCynr8VvRFf10wUUml/5Qe67eMWoY827tkJb/:1CAgV5p5UcEoYt7ts/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4344ebf93ae0ae33a8e05af1507c4c7a_JaffaCakes118

Files

4344ebf93ae0ae33a8e05af1507c4c7a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

e61cad6e2062fbb94a671db8fdf61dee

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateMutexA
CreateProcessA
ExitThread
InterlockedDecrement
lstrcpyA
lstrlenA
lstrcmpiA
WideCharToMultiByte
GetLastError
CopyFileA
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleFileNameA
GetComputerNameA
GetStringTypeA
LCMapStringW
Sleep
GetTickCount
CreateThread
CloseHandle
MultiByteToWideChar
InterlockedIncrement
LCMapStringA
HeapReAlloc
VirtualAlloc
HeapAlloc
GetOEMCP
GetACP
GetCPInfo
WriteFile
GetStringTypeW
RtlUnwind
HeapFree
VirtualFree
HeapCreate
HeapDestroy
GetFileType
GetStdHandle
ExitProcess
TerminateProcess
GetCurrentProcess
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount

user32

wsprintfA

advapi32

RegSetValueExA
RegCloseKey
OpenSCManagerA
CloseServiceHandle
RegOpenKeyA

ws2_32

connect
recv
gethostbyname
htons
ioctlsocket
getservbyname
setsockopt
send
shutdown
closesocket
inet_ntoa
WSAStartup
select
socket

netapi32

NetUserEnum

Sections

.text
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

e61cad6e2062fbb94a671db8fdf61dee

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ws2_32

netapi32

Sections

.text Size: 16KB - Virtual size: 14KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 4KB

.text
Size: 16KB - Virtual size: 14KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 4KB