61c8009c6e58dbdc1cdc555117c63ff2_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

61c8009c6e58dbdc1cdc555117c63ff2_JaffaCakes118
Size

11KB
MD5

61c8009c6e58dbdc1cdc555117c63ff2
SHA1

9101809d266c155aa7c4584fe9f04725247a9fe0
SHA256

aa792963c834945516e684c9d6ed8e17720ea4a714885ecc02e52d79d40139b1
SHA512

7f2cf3f4d932f51019861a3347b453348374f065a45de51fa7ed35b273d4d2130c412a8324b366dc770c15812243bdab2aa9e25de86e90d3ef928b7438198c52
SSDEEP

192:c/robauizxyVc1dR/Vc1dbn+z6R7MP1oyngjnJZkkkREl:c/roitF7qRn+zeS1yjnwy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
61c8009c6e58dbdc1cdc555117c63ff2_JaffaCakes118

Files

61c8009c6e58dbdc1cdc555117c63ff2_JaffaCakes118
.exe windows:4 windows x86 arch:x86

5c84eeba139464d0f9659e8349118058

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

ShellExecuteA

kernel32

ReadProcessMemory
GetCurrentProcess
GetProcAddress
GetModuleHandleA
GetVersionExA
FreeLibrary
LoadLibraryA
SetFileAttributesA
ExitProcess
CopyFileA
OpenMutexA
GetTempPathA
GetSystemDirectoryA
WinExec
GetWindowsDirectoryA
lstrcmpA
lstrcatA
lstrcpyA
SetErrorMode
CreateMutexA
InterlockedDecrement
Sleep
GetTickCount
GlobalAlloc
GlobalLock
GlobalUnlock
LocalFree
GetModuleFileNameA
lstrlenA
GetStartupInfoA

advapi32

RegSetValueExA
OpenSCManagerA
OpenServiceA
ControlService
CloseServiceHandle
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegCreateKeyExA

user32

MessageBoxA
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
keybd_event
ShowWindow
SetFocus
SetForegroundWindow
BlockInput
PostMessageA
FindWindowExA
VkKeyScanA
FindWindowA

ws2_32

htons
recv
connect
closesocket
socket
WSACleanup
gethostbyname
WSAStartup
send

urlmon

URLDownloadToFileA

ole32

CoInitialize
CoCreateInstance

oleaut32

VariantClear
SysFreeString
SysAllocString
VariantInit

msvcrt

_stricmp
isupper
_controlfp
??1type_info@@UAE@XZ
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
??2@YAPAXI@Z
_XcptFilter
_exit
_CxxThrowException
rand
strtok
sprintf
strcat
strcmp
fopen
fclose
isalpha
??3@YAXPAX@Z
_EH_prolog
__CxxFrameHandler
srand
strlen
strcpy
islower

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

5c84eeba139464d0f9659e8349118058

Headers

File Characteristics

Imports

shell32

kernel32

advapi32

user32

ws2_32

urlmon

ole32

oleaut32

msvcrt

Sections

.text Size: 6KB - Virtual size: 5KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 1024B - Virtual size: 688B

.text
Size: 6KB - Virtual size: 5KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 1024B - Virtual size: 688B