6458806a5071a7c4fefae084791e8c67_JaffaCakes118

General

Target

6458806a5071a7c4fefae084791e8c67_JaffaCakes118
Size

63KB
MD5

6458806a5071a7c4fefae084791e8c67
SHA1

ec6cf407e4f791abb04a2bafde0980a2ba1fd2a8
SHA256

6b1f8b303956c04e24448b1eec8634bd3fb2784c8a2d12ecf8588424b36d3cbc
SHA512

a393236a33c1b759e6c774ce2dad59c68094385a551558dfb18c66ed8d587addf87feac036fce37afe50487a72eb107e5304333fa90688fe929285df3db70361
SSDEEP

768:IJi+IOGFnToIf1fvDfTGeM63/zwLkYLFS3BJOLKlcmxVoPhgG/y5ZpzCW:irIOGFnToIfpzTGcEY73BOKlcHwpC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6458806a5071a7c4fefae084791e8c67_JaffaCakes118

Files

6458806a5071a7c4fefae084791e8c67_JaffaCakes118
.exe windows:4 windows x86 arch:x86

3a7094b9ec7c2f0e771a1e06a309bc1e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetUserDefaultLangID
GetModuleHandleA
GetCommandLineA
CreateProcessA
GetSystemDirectoryA
Sleep
GetTickCount
FindClose
FindNextFileA
DeleteFileA
LoadLibraryExA
GetFileAttributesA
SetConsoleTextAttribute
GetStdHandle
GetCurrentDirectoryA
GetFileSize
ExitProcess
ReadFile
TerminateProcess
OpenProcess
GetExitCodeProcess
WaitForSingleObject
GetStartupInfoA
CreatePipe
GetLastError
SystemTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
CreateFileA
GetFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
FindFirstFileA
CloseHandle

advapi32

ClearEventLogA
CloseEventLog
RegOpenKeyExA
RegQueryInfoKeyA
RegCloseKey
RegEnumKeyExA
OpenEventLogA

mfc42

ord2915
ord537
ord5683
ord825
ord823
ord561
ord815
ord1575
ord800
ord535
ord2818
ord540
ord4277
ord4278

msvcrt

atoi
fclose
fwrite
fopen
fgets
_ftol
free
malloc
_beginthreadex
fflush
rename
getc
fread
fseek
??1type_info@@UAE@XZ
__dllonexit
_onexit
_exit
_XcptFilter
exit
__p___initenv
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
strncpy
strtok
_CxxThrowException
__CxxFrameHandler
_iob
fprintf
strstr
sprintf
system
_stricmp
printf
_strnicmp

ws2_32

select
WSAGetLastError
__WSAFDIsSet
accept
ntohs
inet_ntoa
recv
send
gethostbyname
htons
connect
socket
WSAStartup
WSACleanup
htonl
bind
closesocket
listen

shlwapi

PathFileExistsA

Sections

.text
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3a7094b9ec7c2f0e771a1e06a309bc1e

Headers

File Characteristics

Imports

kernel32

advapi32

mfc42

msvcrt

ws2_32

shlwapi

Sections

.text Size: 62KB - Virtual size: 61KB

.rsrc Size: 512B - Virtual size: 160B

.text
Size: 62KB - Virtual size: 61KB

.rsrc
Size: 512B - Virtual size: 160B