622eeb62c06297e47f885f6ff9bb73c6_JaffaCakes118

General

Target

622eeb62c06297e47f885f6ff9bb73c6_JaffaCakes118
Size

56KB
MD5

622eeb62c06297e47f885f6ff9bb73c6
SHA1

6456244fcb773736741870c46e4fc251665a0837
SHA256

8e85e72afdf7e66cef4efb6b3639b88249d7cd84f3b74b943688e28c27dff73e
SHA512

a2eb964856a2fa97659f8f6b487c437ab5f4d85f6eed1956e7298fdc28d81f0efa3fd27bb5ad385984bf6cfac57afa786e3e69b78dbc15e74c66bd318b5158fd
SSDEEP

768:i0GjilzJTWyv4/+EAcBFitQKk8B6R+uAF3x6zlnlDHlJ:i2JMBWEAaitlJ6RmxCbl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
622eeb62c06297e47f885f6ff9bb73c6_JaffaCakes118

Files

622eeb62c06297e47f885f6ff9bb73c6_JaffaCakes118
.exe windows:4 windows x86 arch:x86

944f21054ce64ea66db4d7013ff2648a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WriteFile
CreateFileA
InterlockedDecrement
InterlockedIncrement
GetLastError
lstrcatA
lstrcpynA
GetTempFileNameA
GetTempPathA
CloseHandle
GetModuleFileNameA
OpenProcess
GetCurrentProcessId
CompareStringW
CompareStringA
LoadLibraryA
GetProcAddress
DeleteFileA
Sleep
lstrlenA
GetProcessHeap
HeapAlloc
GetVersionExA
lstrcpyA
HeapFree
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetFileType
GetStdHandle
SetEnvironmentVariableA
ExitProcess
TerminateProcess
GetCurrentProcess
RtlUnwind
GetTimeZoneInformation
GetSystemTime
GetLocalTime
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
HeapReAlloc
HeapSize
GetCPInfo
GetACP
GetOEMCP
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
WideCharToMultiByte
LCMapStringA
LCMapStringW
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount

user32

GetMessageA
LoadStringA
CharNextA
TranslateMessage

advapi32

RegOpenKeyA
RegDeleteValueA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegEnumValueA
RegSetValueExA

shell32

ShellExecuteA
SHGetFolderPathA

wininet

HttpQueryInfoA
InternetCloseHandle
InternetReadFile
InternetOpenA
InternetOpenUrlA
InternetSetOptionA

setupapi

SetupIterateCabinetA

Sections

.text
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

944f21054ce64ea66db4d7013ff2648a

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

wininet

setupapi

Sections

.text Size: 36KB - Virtual size: 32KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 12KB - Virtual size: 14KB

.text
Size: 36KB - Virtual size: 32KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 12KB - Virtual size: 14KB