Static task: static1
Behavioral task: behavioral1
Sample: 688fb758fe365747f0ecb40d9f39813e_JaffaCakes118.exe
Resource: win7-20240705-en
Behavioral task: behavioral2
Sample: 688fb758fe365747f0ecb40d9f39813e_JaffaCakes118.exe
Resource: win10v2004-20240709-en
General
Target: 688fb758fe365747f0ecb40d9f39813e_JaffaCakes118
Size: 48KB
MD5: 688fb758fe365747f0ecb40d9f39813e
SHA1: 98933b9aaecf623c81a4a7b55fd429d501777151
SHA256: 01bca1f101d3f22395c84937c177508c712ec96c30b421f098a9290141c2f875
SHA512: 792ab6ac61f4ed3ce91aa605ccd2a638dde30d4409aaaae6b319ce6f77bedcff0645906c1a9ac95dd6a9e517730424a367855401b49c4625afaf2d7de7e4e9cf
SSDEEP: 768:uD/RBBW+es3poJpUPIMFp+Fi+GBdzzZUy3N3b06eMO+1/HAp224oVleUv:yrBLegpoJ+4PGBdzdUL6e4/HAh4ouK
Malware Config
Signatures
Unsigned PE: 1 IoCs
Checks for missing Authenticode signature.
resource: 688fb758fe365747f0ecb40d9f39813e_JaffaCakes118
Files
688fb758fe365747f0ecb40d9f39813e_JaffaCakes118.exe windows:4 windows x86 arch:x86
bb47350f0c18f599b0224f341695bfd6
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
CloseHandle
GetCommandLineA
LoadLibraryA
CreateProcessA
CreateThread
GetCurrentProcessId
GetProcAddress
GetVersion
GetStringTypeW
WriteFile
LCMapStringA
SetEndOfFile
LCMapStringW
CompareStringW
CompareStringA
SetEnvironmentVariableA
GetACP
GetCPInfo
GetOEMCP
CreateFileA
FlushFileBuffers
SetFilePointer
HeapReAlloc
SetStdHandle
ReadFile
WaitForSingleObject
VirtualAlloc
RtlUnwind
ExitProcess
TerminateProcess
GetCurrentProcess
GetTimeZoneInformation
GetSystemTime
GetLocalTime
GetModuleHandleA
GetStartupInfoA
Sleep
GetLastError
GetFileAttributesA
HeapFree
MultiByteToWideChar
GetStringTypeA
VirtualFree
GetExitCodeProcess
SetHandleCount
GetStdHandle
GetFileType
HeapAlloc
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
HeapCreate
advapi32
RegCreateKeyExA
RegSetValueExA
RegCloseKey
wsock32
gethostname
bind
select
listen
accept
WSAStartup
__WSAFDIsSet
send
ioctlsocket
WSACleanup
socket
htons
gethostbyaddr
gethostbyname
closesocket
connect
inet_ntoa
shutdown
recv
WSAGetLastError
Sections
.text Size: 36KB - Virtual size: 33KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE