65be1f0c690a069b0b91b9f26c37d59c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

65be1f0c690a069b0b91b9f26c37d59c_JaffaCakes118
Size

84KB
MD5

65be1f0c690a069b0b91b9f26c37d59c
SHA1

0a5864d67c1539c46b8d24c681bba64be52ecc7d
SHA256

0d2dd1606c2eb38986f2ac729f868bcca11626fd28a69219e622bc8b2cb6a2e0
SHA512

6b6fae8eaf03cf773dc202558a19ba8d7bf7a521874b1517ffedbd0f5f84195636dd08d766fc347756916581b7c1889b1c79f1fcad7a26f3c1e741716f643d76
SSDEEP

1536:2EpULvvP48AxOZDphrsWoTwXCyJz/O7Wky2:3pfx+DXrsWoTwXjJTO7Wky2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
65be1f0c690a069b0b91b9f26c37d59c_JaffaCakes118

Files

65be1f0c690a069b0b91b9f26c37d59c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

1bdea15067249763caafbce459a06d5e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

MultiByteToWideChar
GetPrivateProfileIntA
WritePrivateProfileStringA
GetPrivateProfileStringA
GetSystemDirectoryA
CreateMutexA
DeleteFileA
Sleep
GetTempFileNameA
GetTempPathA
CreateProcessA
WinExec
Module32Next
Module32First
CreateToolhelp32Snapshot
GetCurrentProcessId
GetModuleHandleA
VirtualFreeEx
WriteProcessMemory
VirtualAllocEx
OpenProcess
DisconnectNamedPipe
PeekNamedPipe
ConnectNamedPipe
CreateNamedPipeA
TerminateThread
OpenMutexA
WaitForSingleObject
CreateThread
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
OpenFileMappingA
WaitNamedPipeA
CreateEventA
SetEvent
OpenEventA
SizeofResource
GlobalFree
LockResource
LoadResource
FindResourceA
GetVersionExA
CopyFileA
GetModuleFileNameA
_lclose
_lwrite
_lcreat
MoveFileExA
ReleaseMutex
GetWindowsDirectoryA
GetLastError
CreateFileW
MoveFileW
CopyFileW
GetFileAttributesW
GetSystemTime
GetSystemDirectoryW
CancelIo
DeviceIoControl
DefineDosDeviceA
LCMapStringW
LCMapStringA
SetStdHandle
HeapReAlloc
SetFileAttributesA
GetFileSize
VirtualAlloc
ReadFile
VirtualFree
SetFilePointer
CreateFileA
WriteFile
CloseHandle
LoadLibraryA
ExitProcess
GetProcAddress
HeapAlloc
GetOEMCP
GetACP
GetCPInfo
GetStringTypeW
GetStringTypeA
RtlUnwind
HeapFree
HeapCreate
HeapDestroy
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetStartupInfoA
GetCommandLineA
GetVersion
FlushFileBuffers

user32

GetWindowThreadProcessId
EnumWindows
wsprintfA
PostMessageA

advapi32

DeleteService
OpenSCManagerA
CreateServiceA
CloseServiceHandle
OpenServiceA
StartServiceA
QueryServiceStatus
RegCreateKeyExA
RegSetValueExA
RegCloseKey
ControlService

ws2_32

WSACleanup
ntohs
ioctlsocket
closesocket
WSAStartup
gethostbyname
inet_ntoa
recvfrom
sendto
htons
inet_addr
socket
connect
send
recv
setsockopt

Sections

.text
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1bdea15067249763caafbce459a06d5e

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ws2_32

Sections

.text Size: 40KB - Virtual size: 39KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 8KB - Virtual size: 9KB

.rsrc Size: 24KB - Virtual size: 20KB

.text
Size: 40KB - Virtual size: 39KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 8KB - Virtual size: 9KB

.rsrc
Size: 24KB - Virtual size: 20KB