InstallHook
Static task: static1
Behavioral task: behavioral1
Sample: 45b281f1d6c17a21c66ca04ae3434881_JaffaCakes118.exe
Resource: win7-20240705-en
Behavioral task: behavioral2
Sample: 45b281f1d6c17a21c66ca04ae3434881_JaffaCakes118.exe
Resource: win10v2004-20240709-en
General
Target: 45b281f1d6c17a21c66ca04ae3434881_JaffaCakes118
Size: 72KB
MD5: 45b281f1d6c17a21c66ca04ae3434881
SHA1: a7bcd4aa135a64fcd8cc1bc7f89981ca8566a28b
SHA256: 0891af11e9f7b21e73da2e9f2809b286324c1fad849a2ff4989addb5f8b3e544
SHA512: 1e4f11562ae4dbcee88c1f32d0ff68ce8ef7514cb582a2ccb820eff09bf52417422deb58c2abb17f00e7c7bfd49a23c329a740dba6bad3bf1adf773a3908caa8
SSDEEP: 1536:q8g1hdmIhGVLXxNVDjtpt0HQMJBbw2RozIPQkyO:qdxGJx3jtz0H5rheIPQFO
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 45b281f1d6c17a21c66ca04ae3434881_JaffaCakes118
Files
45b281f1d6c17a21c66ca04ae3434881_JaffaCakes118.exe windows:4 windows x86 arch:x86
3925e6dda3ae06a9d43568b7676c5e02
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
wsock32
listen
closesocket
bind
setsockopt
select
inet_addr
htonl
htons
socket
getpeername
shutdown
gethostbyname
inet_ntoa
ntohl
WSAStartup
WSACleanup
ioctlsocket
recv
send
connect
accept
WSAGetLastError
kernel32
LoadLibraryA
lstrcpynA
IsBadReadPtr
GetCurrentProcessId
GetCurrentThreadId
GetProcAddress
GetVersionExA
GetModuleHandleA
GetModuleFileNameA
lstrcmpiA
HeapFree
lstrcpyA
HeapReAlloc
lstrlenA
GetSystemDirectoryA
InitializeCriticalSection
ExitProcess
WaitForSingleObjectEx
CloseHandle
SetEvent
OpenEventA
InterlockedIncrement
WaitForSingleObject
ExitThread
Sleep
LeaveCriticalSection
EnterCriticalSection
DeleteFileA
UnmapViewOfFile
lstrcatA
FreeLibrary
GetExitCodeThread
WriteProcessMemory
MapViewOfFileEx
CreateFileMappingA
VirtualFree
VirtualAlloc
GetLastError
SetThreadContext
GetThreadContext
CreateRemoteThread
ResumeThread
OpenProcess
CreateProcessA
TerminateProcess
Process32Next
Process32First
CreateToolhelp32Snapshot
VirtualAllocEx
VirtualFreeEx
DuplicateHandle
CreateThread
GetTempFileNameA
GetTempPathA
SetFileTime
GetFileTime
CreateFileA
lstrcmpA
CopyFileA
FindNextFileA
FindFirstFileA
GetWindowsDirectoryA
CreateEventA
MapViewOfFile
GetTickCount
VirtualProtectEx
RemoveDirectoryA
WideCharToMultiByte
MultiByteToWideChar
GetCommandLineA
OpenFile
_lclose
TerminateThread
GetProcessHeap
HeapAlloc
FlushInstructionCache
VirtualProtect
SetLastError
GetCurrentProcess
PulseEvent
GetFileAttributesA
user32
wvsprintfA
wsprintfA
advapi32
RegQueryValueExA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
OpenProcessToken
GetTokenInformation
AdjustTokenPrivileges
RegOpenKeyExA
RegEnumValueA
RegNotifyChangeKeyValue
GetUserNameA
DeleteService
CreateServiceA
ChangeServiceConfigA
QueryServiceConfigA
OpenSCManagerA
RegCreateKeyExA
CloseServiceHandle
OpenServiceA
RegCloseKey
RegSetValueExA
ole32
CoTaskMemAlloc
oleaut32
SysFreeString
SysAllocString
VariantInit
wininet
InternetCrackUrlA
InternetQueryDataAvailable
InternetSetOptionA
InternetOpenA
InternetCanonicalizeUrlA
InternetConnectA
HttpOpenRequestA
HttpSendRequestA
HttpQueryInfoA
InternetReadFile
InternetCloseHandle
InternetQueryOptionA
HttpAddRequestHeadersA
FindFirstUrlCacheEntryA
FindNextUrlCacheEntryA
FindCloseUrlCache
shlwapi
SHDeleteKeyA
PathQuoteSpacesA
urlmon
ObtainUserAgentString
rpcrt4
UuidToStringA
UuidCreate
RpcStringFreeA
Exports
Sections
.text Size: 68KB - Virtual size: 68KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE