47eb054921628bdf4fe640b0bd180a89_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

47eb054921628bdf4fe640b0bd180a89_JaffaCakes118
Size

152KB
MD5

47eb054921628bdf4fe640b0bd180a89
SHA1

4304ffda0020a3c587e6c28d093918d6e49b51a1
SHA256

9316300ec172c513026fbd4fb36872242bdc12bcc11de8ff318bc52478116866
SHA512

cde4f02174f99926781c5b1a4cb196a3198ff73a42675cd73f13b680b7a25dc73386e1d1961cbbef2b42cf27636128164848870ca828f03ef74f0e75a4bde300
SSDEEP

1536:9njJ2/DFbzI6bJ99B5tr+mTVW1wR0DQFOtV7LKlt8RykAG0zskkXs:RjJ2pPvr5tiPoRFOtJciyvGMr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
47eb054921628bdf4fe640b0bd180a89_JaffaCakes118

Files

47eb054921628bdf4fe640b0bd180a89_JaffaCakes118
.exe windows:4 windows x86 arch:x86

1826952b3d4eca95abab731161a09025

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Process32First
CreateToolhelp32Snapshot
OpenProcess
DeleteFileA
GetSystemDirectoryA
lstrcmpA
lstrcpyA
WinExec
lstrcatA
GetTempPathA
Process32Next
lstrcmpiA
TerminateProcess
CreateThread
GetLastError
CopyFileA
GetModuleFileNameA
GetStringTypeA
LCMapStringW
Sleep
MultiByteToWideChar
VirtualAllocEx
WriteProcessMemory
GetModuleHandleA
GetProcAddress
CreateRemoteThread
GetCurrentProcess
FindResourceA
SizeofResource
LoadResource
GlobalAlloc
LockResource
GetTickCount
GlobalFree
CreateFileA
WriteFile
CloseHandle
lstrlenA
LCMapStringA
LoadLibraryA
GetOEMCP
GetACP
GetCPInfo
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
HeapFree
HeapReAlloc
HeapAlloc
RtlUnwind
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
GetStringTypeW

user32

wsprintfA

advapi32

RegOpenKeyA
OpenSCManagerA
CreateServiceA
OpenServiceA
StartServiceA
RegSetValueExA
CloseServiceHandle
RegOpenKeyExA
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerA
SetServiceStatus
RegCreateKeyA
RegDeleteKeyA
RegEnumKeyA
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges

shell32

SHGetSpecialFolderPathA

ws2_32

WSAStartup
closesocket
htons
recv
gethostbyname
send
inet_addr
socket
connect

shlwapi

PathFindFileNameA

Sections

.text
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 108KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1826952b3d4eca95abab731161a09025

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ws2_32

shlwapi

Sections

.text Size: 24KB - Virtual size: 20KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 12KB - Virtual size: 11KB

.rsrc Size: 108KB - Virtual size: 104KB

.text
Size: 24KB - Virtual size: 20KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 12KB - Virtual size: 11KB

.rsrc
Size: 108KB - Virtual size: 104KB