68940736cf03a0ca0d4a708ec0ab46ef_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

68940736cf03a0ca0d4a708ec0ab46ef_JaffaCakes118
Size

27KB
MD5

68940736cf03a0ca0d4a708ec0ab46ef
SHA1

a7391402837adca0f60b1de4d921b9a46e3d5200
SHA256

a3ad6f3b61d58d940d8a05594b45166805b4ff5f0fa19b95f518ea9222085dbc
SHA512

65e1206366e08e706d98cc9cf111592e2e57a78230aaa3987e3d3d000f7a739a5651b0999e0ae3f7926c0f3f87551db3549697bdccec2a5d9937cadc3dcc8a68
SSDEEP

768:z0t7CCD6PCYfgovfoGVbfrPknj3XlnDq5SsGl6ZB:z0taBoOFbrGLJD6GUB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
68940736cf03a0ca0d4a708ec0ab46ef_JaffaCakes118

Files

68940736cf03a0ca0d4a708ec0ab46ef_JaffaCakes118
.exe windows:4 windows x86 arch:x86

c91ee4c9cc9f039facae8c9061d484ad

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

WSAStartup
WSACleanup
ioctlsocket
gethostbyname

shlwapi

SHDeleteKeyA

kernel32

lstrcmpiA
lstrcpyA
GetCurrentProcessId
GetModuleFileNameA
GetModuleHandleA
HeapFree
lstrcatA
lstrlenA
WritePrivateProfileStringA
GetPrivateProfileSectionNamesA
Sleep
PulseEvent
CreateThread
GetTickCount
GetCurrentThreadId
UnmapViewOfFile
WaitForSingleObject
GetLastError
CreateEventA
lstrcmpA
FreeLibrary
LoadLibraryA
lstrcpynA
CloseHandle
OpenEventA
MapViewOfFileEx
CreateFileMappingA
VirtualAlloc
VirtualFree
GetProcAddress
VirtualProtect
HeapReAlloc
OutputDebugStringA
FlushInstructionCache
WriteProcessMemory
VirtualProtectEx
GetThreadContext
ResumeThread
DuplicateHandle
CreateRemoteThread
OpenProcess
CreateProcessA
GetCurrentProcess
GetVersionExA
Process32Next
Process32First
CreateToolhelp32Snapshot
VirtualAllocEx
IsBadReadPtr
GetProcessHeap
VirtualQuery
OpenFile
SetFileTime
GetFileTime
CreateFileA
GetFileAttributesA
GetSystemDirectoryA
DeleteFileA
WinExec
GetWindowsDirectoryA
CopyFileA
MapViewOfFile
SetLastError
RemoveDirectoryA
ExitProcess
TerminateThread
GetCurrentThread
HeapAlloc
SetThreadContext

user32

GetMessageA
MessageBoxA
wsprintfA
TranslateMessage
DispatchMessageA

advapi32

RegCloseKey
RegDeleteValueA
RegCreateKeyExA
RegEnumValueA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
OpenProcessToken
GetTokenInformation
AdjustTokenPrivileges
RegSetValueExA
RegQueryValueExA
RegQueryInfoKeyA
RegOpenKeyExA
RegEnumKeyExA

shell32

SHGetSpecialFolderPathA
ShellExecuteA

wininet

InternetOpenA
HttpSendRequestA
HttpAddRequestHeadersA
HttpOpenRequestA
InternetConnectA
HttpQueryInfoA
InternetCanonicalizeUrlA
InternetCloseHandle
InternetCrackUrlA
InternetReadFile
InternetQueryDataAvailable

Exports

Exports

StartDownload
_WorkProc@4
__mp@4

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

c91ee4c9cc9f039facae8c9061d484ad

Headers

File Characteristics

Imports

wsock32

shlwapi

kernel32

user32

advapi32

shell32

wininet

Exports

Exports

Sections

.text Size: 24KB - Virtual size: 23KB

.reloc Size: 2KB - Virtual size: 1KB

Size: 512B - Virtual size: 4KB

.text
Size: 24KB - Virtual size: 23KB

.reloc
Size: 2KB - Virtual size: 1KB