467bdeea2632619a73837f53f58543c2_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

467bdeea2632619a73837f53f58543c2_JaffaCakes118
Size

52KB
MD5

467bdeea2632619a73837f53f58543c2
SHA1

5c1480aab1f7fd46b8675d4eba978fca51ae09c1
SHA256

f8251f91b9cb6f64c6c2dffadbc456f9dbdb5f64b8a814dbbeeea9b58eb815c4
SHA512

525659b9d03ba0dc86e89134b40791ee99323daaa0adab7c020723dfe6ab929c26a1434901387f85a0ef3e3c79b7660ad26f5549064e9775903f60753d39879d
SSDEEP

768:ALMD3iVe0+ZFUWzO8uVYObvBUAwTaYNX/wV/8252+0vbT+gtNXdW4CDtso:CMq+QWi8uVYObXwTaYZwtRc5ugtWdSo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
467bdeea2632619a73837f53f58543c2_JaffaCakes118

Files

467bdeea2632619a73837f53f58543c2_JaffaCakes118
.exe windows:4 windows x86 arch:x86

888593e303374f1c1149bd6566f6e9c6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateThread
WinExec
GetModuleFileNameA
GetSystemDirectoryA
Sleep
GetLocalTime
Process32Next
CloseHandle
OpenProcess
Process32First
CreateToolhelp32Snapshot
GetCurrentDirectoryA
GetFullPathNameA
WaitForSingleObject
GetDriveTypeA
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetEndOfFile
GetProcAddress
GetOEMCP
GetACP
GetStringTypeW
GetStringTypeA
GetModuleHandleA
LoadLibraryA
FindFirstFileA
WideCharToMultiByte
ReadFile
GetCPInfo
SetFilePointer
CreateFileA
FlushFileBuffers
SetStdHandle
HeapReAlloc
VirtualAlloc
WriteFile
VirtualFree
GetLastError
ResumeThread
TlsSetValue
ExitThread
InterlockedDecrement
InterlockedIncrement
GetTimeZoneInformation
GetSystemTime
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
EnterCriticalSection
LeaveCriticalSection
HeapFree
InitializeCriticalSection
GetCurrentThreadId
TlsAlloc
SetLastError
TlsGetValue
HeapAlloc
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
RtlUnwind
MultiByteToWideChar
LCMapStringA
LCMapStringW
DeleteCriticalSection
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
HeapDestroy
HeapCreate

user32

GetMessageA
CallNextHookEx
GetKeyNameTextA
wsprintfA
GetWindowTextA
GetForegroundWindow
ToUnicodeEx
MapVirtualKeyExA
GetKeyboardState
GetKeyboardLayout
GetWindowThreadProcessId
GetKeyState
TranslateMessage
SetWindowsHookExW
UnhookWindowsHookEx
DispatchMessageA

advapi32

RegQueryValueExA
RegCreateKeyA
RegOpenKeyA

shell32

SHGetFileInfoA

ws2_32

WSAStartup
socket
WSACleanup
gethostname
send
recv
closesocket
connect
inet_addr
inet_ntoa
gethostbyname
htons

shlwapi

SHSetValueA

Exports

Exports

?KeyEvent@@YGJHIJ@Z
?KeyEventUn@@YGJHIJ@Z

Sections

.text
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

888593e303374f1c1149bd6566f6e9c6

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ws2_32

shlwapi

Exports

Exports

Sections

.text Size: 36KB - Virtual size: 33KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 4KB - Virtual size: 24KB

.text
Size: 36KB - Virtual size: 33KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 4KB - Virtual size: 24KB