691cf3dbdc89ea404d0efb63c3ede7b0_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

691cf3dbdc89ea404d0efb63c3ede7b0_JaffaCakes118
Size

29KB
MD5

691cf3dbdc89ea404d0efb63c3ede7b0
SHA1

738bee6af4b353a1e314b2ecad58882b91d152fd
SHA256

3f707024a2c1da84bc5e3a1f553b798bea8038a1fef7adde2d2acec62928e091
SHA512

f62d583a05a0fa9a77836efe57cbdb1ae54ffe31020d16038ff15f267437c0f97e2db0b47a7ef02f2194c90765d6ed629790fb379314e4c69efe21c5c910d8bf
SSDEEP

384:E94RhzmyGhcrsmFqvLQfyDfQAoZBLen+xwIR+RpNkKtO1x8yiYq:UyChcMAiIAobLQGwIMnkl1x8ym

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
691cf3dbdc89ea404d0efb63c3ede7b0_JaffaCakes118

Files

691cf3dbdc89ea404d0efb63c3ede7b0_JaffaCakes118
.exe .hta .vbs windows:4 windows x86 arch:x86 polyglot

d8d76c45abef5589fe3506766d371c9c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalAlloc
SetFilePointer
ReadFile
GlobalFree
GetTickCount
OpenProcess
TerminateProcess
CloseHandle
LoadLibraryA
GetProcAddress
CreateFileA
WriteFile
LocalAlloc
LocalFree
lstrlenA
WideCharToMultiByte
lstrcmpiA
MultiByteToWideChar
GetFileSize
GetLocalTime
ExitProcess
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
SetEndOfFile
lstrcpyA
lstrcatA
SetFileAttributesA
CopyFileA
SystemTimeToFileTime
CompareFileTime
GetCurrentProcessId
CreateToolhelp32Snapshot
Process32First
Process32Next
GetSystemDirectoryA
GetModuleFileNameA
GetCommandLineA
Sleep
CreateThread
WaitForSingleObject
GetWindowsDirectoryA
WinExec
ReleaseMutex
CreateMutexA
FindFirstFileA
FindNextFileA
FindClose
GetLogicalDriveStringsA
GetDateFormatA
GetTimeFormatA
GetTimeZoneInformation
lstrcpynA
GetCurrentProcess

user32

DrawTextA
wsprintfA
GetDesktopWindow
MessageBoxA
CharUpperA

wsock32

gethostname
gethostbyname
inet_addr
select
recv
socket
connect
closesocket
bind
listen
accept
send
WSAStartup

ole32

CreateStreamOnHGlobal
CoInitialize

shlwapi

StrDupA
StrStrIA
StrTrimA
StrRChrA
StrChrIA

wininet

InternetGetConnectedState

advapi32

RegCreateKeyA
RegSetValueExA
RegCloseKey
RegDeleteKeyA
RegDeleteValueA

urlmon

URLDownloadToFileA

shell32

ShellExecuteA

gdi32

GetObjectA
GetDIBits
DeleteDC
DeleteObject
CreateCompatibleDC
GetDeviceCaps
CreateBitmap
SelectObject
SetBkMode
FloodFill
CreateFontA
SetTextColor

Sections

.data
Size: 11KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 924B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d8d76c45abef5589fe3506766d371c9c

Headers

File Characteristics

Imports

kernel32

user32

wsock32

ole32

shlwapi

wininet

advapi32

urlmon

shell32

gdi32

Sections

.data Size: 11KB - Virtual size: 13KB

.text Size: 17KB - Virtual size: 16KB

.rsrc Size: 1024B - Virtual size: 924B

.data
Size: 11KB - Virtual size: 13KB

.text
Size: 17KB - Virtual size: 16KB

.rsrc
Size: 1024B - Virtual size: 924B