5d741d4d7366cf33bac2beae7cc9007a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5d741d4d7366cf33bac2beae7cc9007a_JaffaCakes118
Size

80KB
MD5

5d741d4d7366cf33bac2beae7cc9007a
SHA1

38e19daa35624073a42d8a04657a7b5694a3b803
SHA256

6f317a180ffd992724d4e46f78d35e73584cbd60c5c24031e8bc4c78b239c07f
SHA512

b69470e8b35ad77f5391849bb5b027f77aa405943d8f2c2a83603202a3236d9fb125ab1196dcfc393fcea09d891a34130d49959945a25fefaf4686a07a91bd68
SSDEEP

1536:36V2fXlnBMd1ZHvZwPMlAfcUo6JaPpRJe+KVIfp1Leh4d0:KoBMd1tvZwPMlAZIPpRsEp1Le+d

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5d741d4d7366cf33bac2beae7cc9007a_JaffaCakes118

Files

5d741d4d7366cf33bac2beae7cc9007a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

e0268eb583a4006d2eadace499f7e626

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
ReadFile
WriteFile
CreateFileA
SetPriorityClass
GetCurrentProcess
GetTickCount
SetThreadPriority
GetCurrentThread
CreateMutexA
ReleaseMutex
WaitForSingleObject
GetDiskFreeSpaceA
GetDriveTypeA
GetLogicalDrives
GlobalMemoryStatus
GetSystemInfo
lstrcatA
GetVersionExA
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetModuleFileNameA
lstrcmpA
lstrlenA
LoadLibraryA
GetModuleHandleA
VirtualFree
UnmapViewOfFile
VirtualAlloc
MapViewOfFileEx
CreateFileMappingA
OpenFileMappingA
VirtualProtect
MapViewOfFile
SearchPathA
FreeLibrary
ResumeThread
CreateProcessA
GetEnvironmentVariableA
GetShortPathNameA
ExitProcess
SetFileTime
CopyFileA
FindFirstFileA
GetFullPathNameA
GetSystemDirectoryA
GetLastError
WriteProcessMemory
OpenProcess
GetCurrentProcessId
LocalAlloc
lstrcpynA
GetComputerNameA
lstrcpyA
LocalFree
lstrcmpiA
HeapFree
GetProcessHeap
HeapAlloc
GetProcAddress
Sleep

user32

DefWindowProcA
RegisterClassA
wsprintfA
wvsprintfA

advapi32

RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegConnectRegistryA
RegCloseKey
RegCreateKeyExA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
GetUserNameA

wsock32

closesocket
WSAStartup
WSACleanup
connect
htons
gethostbyname
ioctlsocket
setsockopt
socket
recv
select
send
ntohs
gethostname
getsockname
listen
bind
accept
ntohl
htonl

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.plugins
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e0268eb583a4006d2eadace499f7e626

Headers

File Characteristics

Imports

kernel32

user32

advapi32

wsock32

Sections

.text Size: 28KB - Virtual size: 27KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 28KB - Virtual size: 27KB

.plugins Size: 16KB - Virtual size: 16KB

.text
Size: 28KB - Virtual size: 27KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 28KB - Virtual size: 27KB

.plugins
Size: 16KB - Virtual size: 16KB