6a5b7ac5c978da4f2a61c9a686799035_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

6a5b7ac5c978da4f2a61c9a686799035_JaffaCakes118
Size

28KB
MD5

6a5b7ac5c978da4f2a61c9a686799035
SHA1

a28c0a2b52d16150a8094a9957b55e2b7b5f5a92
SHA256

ebf3b62243d1104eec66893c48d07400d7d798fc0ea7272ba1c69957382198fc
SHA512

b2126fe42e9f2a05db8bf6989827e83cae9118f660bc08663c6b58b7bb822c1b50d3601e3b9a01cbcb4e1d44f4658e29f7f1d28f2410f93a2c57a761438dfb6a
SSDEEP

768:GHQ9sSIFJHjW+caahRZeZOAWDge9kP27tolypZO0X:GHQ2jjHj8ac7Kteg3eJpT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6a5b7ac5c978da4f2a61c9a686799035_JaffaCakes118

Files

6a5b7ac5c978da4f2a61c9a686799035_JaffaCakes118
.exe windows:1 windows x86 arch:x86

d669663861d258103bd4572e6a5bf218

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

CreateDirectoryA
GetLogicalDriveStringsA
GetDriveTypeA
lstrcmpA
WritePrivateProfileStringA
lstrcatA
GlobalFree
GlobalFindAtomA
GetCurrentDirectoryA
Sleep
WideCharToMultiByte
DeleteFileA
SetFileAttributesA
GlobalAlloc
lstrcpyA
CloseHandle
ReadFile
FindClose
WriteFile
GetFileSize
WriteConsoleA
GetModuleHandleA
GetSystemDirectoryA
ExitProcess
GlobalAddAtomA
GetWindowsDirectoryA
GetStdHandle
CreateThread
FindNextFileA
GetProcAddress
RemoveDirectoryA
LoadLibraryA
SetFilePointer
SetCurrentDirectoryA
GetModuleFileNameA
FindFirstFileA
lstrlenA
CreateFileA
CopyFileA

advapi32

RegQueryValueExA
RegCloseKey
RegQueryInfoKeyA
RegOpenKeyExA
RegEnumKeyExA
RegSetValueExA

wsock32

select
recv
listen
inet_addr
htons
gethostname
gethostbyname
connect
closesocket
bind
accept
__WSAFDIsSet
inet_ntoa
WSAStartup
WSACleanup
socket
send
setsockopt

gdi32

SelectObject
GetDeviceCaps
GetDIBColorTable
DeleteObject
DeleteDC
CreateDIBSection
CreateDCA
CreateCompatibleDC
BitBlt

user32

TranslateMessage
ToAsciiEx
SetKeyboardState
SetClipboardViewer
SendMessageA
PeekMessageA
OpenClipboard
GetWindowThreadProcessId
GetMessageA
GetKeyboardState
GetKeyboardLayout
GetKeyNameTextA
GetForegroundWindow
GetWindowTextA
GetFocus
GetClipboardData
DispatchMessageA
RegisterClassA
DefWindowProcA
CreateWindowExA
CloseClipboard
SetWindowsHookExA
CallNextHookEx

wininet

InternetGetCookieA
InternetGetConnectedState

Sections

CODE
Size: 17KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d669663861d258103bd4572e6a5bf218

Headers

File Characteristics

Imports

kernel32

advapi32

wsock32

gdi32

user32

wininet

Sections

CODE Size: 17KB - Virtual size: 20KB

DATA Size: 3KB - Virtual size: 4KB

.idata Size: 3KB - Virtual size: 4KB

.reloc Size: 1024B - Virtual size: 4KB

CODE
Size: 17KB - Virtual size: 20KB

DATA
Size: 3KB - Virtual size: 4KB

.idata
Size: 3KB - Virtual size: 4KB

.reloc
Size: 1024B - Virtual size: 4KB