6ae903b01ecb51d6e6a7c2394b7d816f_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

6ae903b01ecb51d6e6a7c2394b7d816f_JaffaCakes118
Size

27KB
MD5

6ae903b01ecb51d6e6a7c2394b7d816f
SHA1

2d05520f06583bf59b7472b1ed978e68a1fc1a5c
SHA256

15d3c7d82addabd94e3344d2fb0a5ca2eca000e476f8c912545e4faf99e52f16
SHA512

73766e0dc899a690d90bf6812bcc2f245eec5767c0fe7c6a7e130de539607e87eedca6bcc0b3197f046f9e3d7218f0b73c5a317311e050aa6ddc985af08bf171
SSDEEP

384:O1h8Phzmmr5386p3Z8NRXfLZ4HMcg0jV4NQSZeFm0iShyjtbrHRFbqtC:O1hyRtrZ8EGXz0McOQwoUAytHHm0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6ae903b01ecb51d6e6a7c2394b7d816f_JaffaCakes118

Files

6ae903b01ecb51d6e6a7c2394b7d816f_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7ae27b64f1c7f7175bc9561d72a4b426

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

SHDeleteKeyA

kernel32

GetProcAddress
LoadLibraryA
GetFileAttributesA
Sleep
UnmapViewOfFile
DeleteFileA
WinExec
ExitThread
SetLastError
lstrcmpA
FreeLibrary
lstrcpynA
GetTickCount
GetCurrentThreadId
CloseHandle
PulseEvent
OpenEventA
MapViewOfFileEx
CreateFileMappingA
VirtualAlloc
VirtualFree
VirtualProtect
SetThreadContext
FlushInstructionCache
WriteProcessMemory
VirtualProtectEx
GetThreadContext
GetExitCodeThread
ResumeThread
DuplicateHandle
CreateRemoteThread
CreateProcessA
GetCurrentThread
GetVersionExA
Process32Next
Process32First
CreateToolhelp32Snapshot
VirtualAllocEx
IsBadReadPtr
OpenFile
CreateEventA
WaitForSingleObject
lstrcatA
CreateFileA
GetSystemDirectoryA
GetTempPathA
CreateThread
GetTempFileNameA
GetFileSize
MapViewOfFile
RemoveDirectoryA
ExitProcess
GetModuleHandleA
GetModuleFileNameA
GetCurrentProcessId
OutputDebugStringA
GetCurrentProcess
HeapAlloc
lstrlenA
HeapReAlloc
GetLastError
lstrcpyA
HeapFree
GetProcessHeap
lstrcmpiA
OpenProcess

user32

GetMessageA
TranslateMessage
DispatchMessageA
MessageBoxA
wsprintfA
wvsprintfA

advapi32

OpenProcessToken
GetTokenInformation
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
OpenThreadToken
AdjustTokenPrivileges
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegEnumValueA
RegCreateKeyExA
RegDeleteValueA
RegSetValueExA
FreeSid
EqualSid
AllocateAndInitializeSid

wininet

InternetReadFile
HttpQueryInfoA
InternetCloseHandle
InternetCanonicalizeUrlA
InternetOpenA
InternetCrackUrlA
HttpSendRequestA
HttpOpenRequestA
InternetConnectA
HttpAddRequestHeadersA

ws2_32

inet_addr
WSACleanup
WSAStartup
gethostbyname

Exports

Exports

StartDownload
_WorkDummy@4
_WorkProc@4
__mp@4

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7ae27b64f1c7f7175bc9561d72a4b426

Headers

File Characteristics

Imports

shlwapi

kernel32

user32

advapi32

wininet

ws2_32

Exports

Exports

Sections

.text Size: 23KB - Virtual size: 23KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 23KB - Virtual size: 23KB

.reloc
Size: 2KB - Virtual size: 2KB