63a79751e36dbfa38383134fce46456f_JaffaCakes118

General

Target

63a79751e36dbfa38383134fce46456f_JaffaCakes118
Size

61KB
MD5

63a79751e36dbfa38383134fce46456f
SHA1

ef046b0bbcb4e6514462e40fd70c9d9cd7946a5f
SHA256

d70961863c22ec090743a505fb6df4f9c78f7334d63807fbbeefb80be7d6dc20
SHA512

52040e9bb28d34be558e0904edab944a9c1d72c662c9a1980c23bd6496f2b8525c54796ada735fce258a47ab96af218905be81abe797386dbd2713f1d6a14537
SSDEEP

768:+gCqocn9+XwHUcE1DcmBFEbvwJiAaRzt857ty1ClVI1JdtE3bBmjyn8wtnOxy:bCfcnLEcAaRGZzbBmktSy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
63a79751e36dbfa38383134fce46456f_JaffaCakes118

Files

63a79751e36dbfa38383134fce46456f_JaffaCakes118
.exe windows:4 windows x86 arch:x86

c171f360f6df4127241f621dfdc34f35

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

setsockopt
bind
listen
accept
shutdown
inet_ntoa
ioctlsocket
ntohl
htonl
getsockname
inet_addr
gethostbyname
htons
socket
connect
send
WSACleanup
select
recv
closesocket

shell32

SHGetFolderPathA

advapi32

RegQueryValueExA
GetUserNameA
RegOpenKeyExA

kernel32

GetACP
GetCPInfo
LCMapStringW
LCMapStringA
CreateFileA
FlushFileBuffers
SetStdHandle
GetStringTypeW
GetStringTypeA
GetOEMCP
RtlUnwind
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
SetFilePointer
GetFileType
GetProcAddress
LoadLibraryA
MultiByteToWideChar
Process32Next
GetTickCount
CreateThread
CloseHandle
Sleep
CreateProcessA
GetModuleFileNameA
SetFileAttributesA
WaitForSingleObject
CreateMutexA
SetErrorMode
lstrcmpiA
GetTempPathA
GetLastError
CreateDirectoryA
GetVersionExA
TerminateThread
ExitThread
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetEndOfFile
Process32First
CreateToolhelp32Snapshot
GetStdHandle
SetHandleCount
GetCurrentProcess
HeapAlloc
HeapFree
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
WriteFile
ReadFile
TerminateProcess

user32

wsprintfA
CharLowerA

Sections

.text
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

c171f360f6df4127241f621dfdc34f35

Headers

File Characteristics

Imports

ws2_32

shell32

advapi32

kernel32

user32

Sections

.text Size: 49KB - Virtual size: 48KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 8KB - Virtual size: 20KB

.text
Size: 49KB - Virtual size: 48KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 8KB - Virtual size: 20KB