70afd86b85aae1e94205dea8290d2ea6_JaffaCakes118

General

Target

70afd86b85aae1e94205dea8290d2ea6_JaffaCakes118
Size

117KB
MD5

70afd86b85aae1e94205dea8290d2ea6
SHA1

cbaf914064665afca66424a255bb203d1df4db84
SHA256

3983ec356fa04707f1af3e65cebb6b4661fb266678ce7934118362f80eefb462
SHA512

f61dda49c66453245db08b26fbdc80002fba073b7ed80addf941c8c4b56a0b474c4fb1025ad2ec366f6699a09632e0ffc4319ae74299a95d729b4369cb5c2109
SSDEEP

3072:7kwPjleLhmCvBbRvFEVwnWCKBuNj2tlLaC:3ABxBFEVmIuN6DaC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
70afd86b85aae1e94205dea8290d2ea6_JaffaCakes118

Files

70afd86b85aae1e94205dea8290d2ea6_JaffaCakes118
.exe windows:4 windows x86 arch:x86

9e7a43edfedd19635a90f644551f7a9e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_DEBUG_STRIPPED

Imports

ws2_32

WSASocketA
WSAIoctl
gethostbyname
connect
send
recv
WSAStartup
socket
WSAGetLastError
WSACleanup
htons
bind
listen
select
__WSAFDIsSet
accept
closesocket

kernel32

GetOEMCP
GetACP
GetCPInfo
CreateFileA
SetFilePointer
SetStdHandle
InterlockedExchange
VirtualQuery
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
GetVersionExA
GetModuleFileNameA
CloseHandle
Process32Next
TerminateProcess
OpenProcess
Process32First
CreateToolhelp32Snapshot
VirtualProtect
MoveFileA
GetLastError
CreateProcessA
CreateDirectoryA
DeleteFileA
GetSystemDirectoryA
FreeLibrary
GetProcAddress
LoadLibraryA
SetProcessPriorityBoost
SetThreadPriority
GetCurrentThread
SetPriorityClass
GetCurrentProcess
lstrcatA
lstrcpyA
GetEnvironmentVariableA
GetShortPathNameA
GetSystemInfo
GetLocaleInfoA
SetEndOfFile
ReadFile
LCMapStringA
Sleep
IsBadWritePtr
QueryPerformanceCounter
GetStringTypeW
GetStringTypeA
LCMapStringW
IsBadReadPtr
HeapValidate
GetSystemTimeAsFileTime
DebugBreak
RaiseException
ExitProcess
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetStdHandle
WriteFile
InterlockedDecrement
OutputDebugStringA
InterlockedIncrement
SetHandleCount
GetFileType
HeapAlloc
HeapReAlloc
HeapFree
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
GetProcessHeap
RtlUnwind
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetConsoleCtrlHandler
FlushFileBuffers
MultiByteToWideChar

advapi32

RegSetValueExA
RegDeleteValueA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegCreateKeyExA

shell32

ShellExecuteExA
SHChangeNotify

Sections

.text
Size: 104KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

9e7a43edfedd19635a90f644551f7a9e

Headers

File Characteristics

Imports

ws2_32

kernel32

advapi32

shell32

Sections

.text Size: 104KB - Virtual size: 104KB

.rsrc Size: 8KB - Virtual size: 8KB

.text
Size: 104KB - Virtual size: 104KB

.rsrc
Size: 8KB - Virtual size: 8KB