64578e74c2044e1cedbfab3531845b37_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

64578e74c2044e1cedbfab3531845b37_JaffaCakes118
Size

43KB
MD5

64578e74c2044e1cedbfab3531845b37
SHA1

aabab8e8c48acdd16802b3c39bd407d5cbfae4b2
SHA256

a18dd5952649a551edc6b12dd23bd6b4447288f18a3a3da46385abf4d5f68ae2
SHA512

319887bbdc6d9a61b32b87accf4f7efc8415ed7621f9e6c0075cad26a164b7762c25f359e939458f062b9b24a998e06525f8b7af58a7dca75a0c702eae1133d2
SSDEEP

768:8L2oXwvMd6F1p2MdDt+t2FTEEJHB1t+N6vKUQDLSTQbY9g4jCXd7n3+U:M2oXwvh5dt+t2FTEEJHBON0DQDLBYTCv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
64578e74c2044e1cedbfab3531845b37_JaffaCakes118

Files

64578e74c2044e1cedbfab3531845b37_JaffaCakes118
.exe windows:4 windows x86 arch:x86

ef604c7d17d06357565b80f2e135b67a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
GetVersionExA
GetModuleHandleA
GetModuleFileNameA
UnmapViewOfFile
lstrcmpiA
HeapFree
lstrcpyA
GetLastError
HeapReAlloc
lstrlenA
InitializeCriticalSection
ExitProcess
WaitForSingleObjectEx
CloseHandle
SetEvent
OpenEventA
InterlockedIncrement
WaitForSingleObject
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
OutputDebugStringA
lstrcatA
GetTickCount
PulseEvent
CreateRemoteThread
MapViewOfFileEx
CreateFileMappingA
VirtualFree
VirtualAlloc
SetThreadContext
WriteProcessMemory
VirtualProtectEx
GetCurrentThreadId
ResumeThread
DuplicateHandle
OpenProcess
CreateProcessA
TerminateProcess
Process32Next
Process32First
CreateToolhelp32Snapshot
VirtualAllocEx
VirtualFreeEx
CreateThread
DeleteFileA
SetFileTime
GetFileTime
CreateFileA
CopyFileA
Sleep
GetFileAttributesA
GetSystemDirectoryA
GetWindowsDirectoryA
CreateEventA
MapViewOfFile
RemoveDirectoryA
ExitThread
OpenFile
_lclose
TerminateThread
GetCurrentProcessId
IsBadReadPtr
lstrcpynA
LoadLibraryA
FreeLibrary
lstrcmpA
GetProcessHeap
HeapAlloc
FlushInstructionCache
VirtualProtect
SetLastError
GetThreadContext
GetCurrentProcess

user32

TranslateMessage
DispatchMessageA
GetMessageA
MessageBoxA
wsprintfA

advapi32

RegQueryValueExA
SetSecurityDescriptorDacl
OpenProcessToken
GetTokenInformation
AdjustTokenPrivileges
RegCloseKey
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegDeleteValueA
InitializeSecurityDescriptor

oleaut32

SysFreeString
SysAllocString

wininet

InternetQueryDataAvailable
InternetCrackUrlA
InternetReadFile
InternetCanonicalizeUrlA
InternetOpenUrlA
HttpQueryInfoA
InternetCloseHandle
InternetOpenA

shlwapi

SHDeleteKeyA

rpcrt4

UuidToStringA
RpcStringFreeA
UuidCreate

Exports

Exports

InstallHook
_WorkProc@4
__mp@4

Sections

.text
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ef604c7d17d06357565b80f2e135b67a

Headers

File Characteristics

Imports

kernel32

user32

advapi32

oleaut32

wininet

shlwapi

rpcrt4

Exports

Exports

Sections

.text Size: 38KB - Virtual size: 37KB

.reloc Size: 3KB - Virtual size: 3KB

Size: 512B - Virtual size: 4KB

.text
Size: 38KB - Virtual size: 37KB

.reloc
Size: 3KB - Virtual size: 3KB