4c3fbd5a3ae49837d376dd8d00fc9be2_JaffaCakes118

General

Target

4c3fbd5a3ae49837d376dd8d00fc9be2_JaffaCakes118
Size

60KB
MD5

4c3fbd5a3ae49837d376dd8d00fc9be2
SHA1

79be4a6ca5bf5793724449bd6beb361e6b8f70ea
SHA256

984ec709c4329e19806e98468d1492551cc2f819fdcf3167d0a4807b9a2bbbdb
SHA512

2b93929615bc05a8df048a015a3b97c17dbe20c0264836af26fb59276cb061971a621065eadf2e4d0d4c110d762a19ce8ba66099c50e14f64eb837d50bb353f9
SSDEEP

768:s4x30Y3vX5tK9nyJ17J77qe6rt0ltZyH:+9nyJhJyxtEtZyH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4c3fbd5a3ae49837d376dd8d00fc9be2_JaffaCakes118

Files

4c3fbd5a3ae49837d376dd8d00fc9be2_JaffaCakes118
.exe windows:4 windows x86 arch:x86

4deef6f47d153f960e9a295f39a25004

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

TerminateProcess
CreateProcessA
CreateThread
CloseHandle
ReleaseMutex
GetLastError
OpenMutexA
SetProcessWorkingSetSize
GetCurrentProcess
WinExec
Sleep
LoadLibraryA
GetTempPathA
WaitForSingleObject
ExitProcess
CreateMutexA
CopyFileA
GetModuleFileNameA
GlobalMemoryStatusEx
GetLocaleInfoW
LCMapStringA
FlushFileBuffers
SetStdHandle
ExitThread
GetSystemDirectoryA
lstrcatA
lstrcpyA
GetProcAddress
GetTickCount
GetOEMCP
GetACP
GetCPInfo
GetStringTypeW
GetStringTypeA
MultiByteToWideChar
SetFilePointer
WriteFile
LCMapStringW
RtlUnwind
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
HeapAlloc
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
VirtualAlloc
HeapReAlloc
UnhandledExceptionFilter

user32

wsprintfA
GetDesktopWindow

advapi32

RegQueryValueExA
RegOpenKeyA
RegSetValueExA
RegCloseKey
RegOpenKeyExA

shell32

ShellExecuteA

ws2_32

WSASocketA
WSAStartup
send
setsockopt
recv
gethostbyname
socket
htons
connect
closesocket
htonl
__WSAFDIsSet
select
inet_addr
sendto

Sections

.text
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

4deef6f47d153f960e9a295f39a25004

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ws2_32

Sections

.text Size: 32KB - Virtual size: 29KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 16KB - Virtual size: 18KB

.text
Size: 32KB - Virtual size: 29KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 16KB - Virtual size: 18KB