692c324b1b74bc9335be86efe7660410_JaffaCakes118

General

Target

692c324b1b74bc9335be86efe7660410_JaffaCakes118
Size

39KB
MD5

692c324b1b74bc9335be86efe7660410
SHA1

73fc5710f91d72bf4fd38ba17e0c3b4487545abc
SHA256

9b2737c933ccf79caa9fb06dc1cd139f8d585d4885c8945c0b635adbd6592d58
SHA512

8789df3366fd380a2eea090fe484a93e2f410bf289ce5d6c0d4b2962890279282e4b949ffe29cd5f10d2ca322a4a038738dc55629dd7f29f183e177b1bb51d4d
SSDEEP

768:6E7SSZ+oqoTc4Pvow9boQfjlfnhs/+phiCiYidraGgjlyX7xdNr8Q1UFF8D1Fp2b:x2SSt66dVx1ekY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
692c324b1b74bc9335be86efe7660410_JaffaCakes118

Files

692c324b1b74bc9335be86efe7660410_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b614197f1d4214df59d8e25eea8d4825

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileA
GetModuleHandleA
GetModuleFileNameA
CreateRemoteThread
OpenProcess
lstrlenA
SetFilePointer
TerminateThread
WriteFile
Process32Next
Process32First
CreateToolhelp32Snapshot
TerminateProcess
ExitThread
GetComputerNameA
GlobalMemoryStatus
GetVersionExA
GetCurrentProcessId
VirtualFree
VirtualAlloc
GetPriorityClass
ResumeThread
CloseHandle
CreateProcessA
DeleteFileA
LoadLibraryA
GetProcAddress
GetTickCount
GetTempPathA
GetStdHandle
SetConsoleTextAttribute
CreateMutexA
Sleep
GetLastError
lstrcmpiA
ExitProcess
CreateThread
GetCurrentProcess
SetLastError

user32

GetActiveWindow
PeekMessageA
DispatchMessageA
CallNextHookEx
GetMessageA
SetWindowsHookExA
UnhookWindowsHookEx
GetWindowTextA
SetKeyboardState
ToAscii
GetKeyboardState
GetKeyNameTextA
wsprintfA

advapi32

RegCreateKeyExA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegDeleteValueA
OpenServiceA
CloseServiceHandle
OpenSCManagerA
DeleteService
ControlService
GetUserNameA
RegCloseKey

shell32

ShellExecuteA

msvcrt

fopen
fread
fclose
srand
rand
sprintf
printf
strstr
atoi
strncpy
strtok

shlwapi

PathStripPathA

wininet

InternetGetConnectedStateEx
InternetGetConnectedState

ws2_32

WSAEnumNetworkEvents
WSAWaitForMultipleEvents
recv
connect
WSAEventSelect
WSACreateEvent
socket
htons
gethostbyname
WSAStartup
getsockname
gethostname
inet_ntoa
WSAResetEvent
bind
WSAIoctl
WSASocketA
accept
listen
setsockopt
sendto
recvfrom
closesocket
WSACloseEvent
send
getpeername
ntohs
shutdown

Sections

.data
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b614197f1d4214df59d8e25eea8d4825

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

msvcrt

shlwapi

wininet

ws2_32

Sections

.data Size: 30KB - Virtual size: 30KB

.rsrc Size: 8KB - Virtual size: 7KB

.data
Size: 30KB - Virtual size: 30KB

.rsrc
Size: 8KB - Virtual size: 7KB