7118328069c3182ca3833b6320184465_JaffaCakes118

General

Target

7118328069c3182ca3833b6320184465_JaffaCakes118
Size

38KB
MD5

7118328069c3182ca3833b6320184465
SHA1

32ddac239c6c426743f089953fc38a093b4f89ef
SHA256

df697aa7668448453d91142cf27edd09f6237c9b1e97e84d977701d2fd61ed10
SHA512

f5e232be819b3486f72fb7b0f8f3e3ac277c72def3e3684789e2bb39f4d2c328b25fd416c501cbb0182986da91d961c54a726b37c372157a5e3545de435d456c
SSDEEP

768:SsHKQZ8udOtPfixxSLbNrmu98zCShm+ITUuR6l:UQe7PeWbNKuGWShm+Itol

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7118328069c3182ca3833b6320184465_JaffaCakes118

Files

7118328069c3182ca3833b6320184465_JaffaCakes118
.exe windows:4 windows x86 arch:x86

2d0ad6a47e7817e11eea7969ae525792

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
Sleep
GetTickCount
GetLocaleInfoA
CloseHandle
WriteFile
CreateFileA
FreeLibrary
LoadLibraryA
GetShortPathNameA
WinExec
CopyFileA
GetLastError
CreateMutexA
GetModuleFileNameA
GetModuleHandleA
Process32Next
CreateToolhelp32Snapshot
Process32First
GetSystemDirectoryA
MoveFileExA
FlushFileBuffers
GetCurrentProcess
UnhandledExceptionFilter
HeapAlloc
SetFilePointer
HeapFree
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
RtlUnwind
LCMapStringA
SetStdHandle
LCMapStringW
ExitProcess
GetOEMCP
GetACP
GetCPInfo
GetStringTypeW
GetStringTypeA
MultiByteToWideChar
GetStartupInfoA
GetCommandLineA
GetVersion
GetEnvironmentStrings
WideCharToMultiByte
TerminateProcess
HeapDestroy
GetVersionExA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentVariableA
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType

user32

BringWindowToTop
ShowWindow
VkKeyScanA
keybd_event
SetForegroundWindow
IsWindow
SetFocus
FindWindowA

advapi32

RegCloseKey
RegDeleteValueA
GetUserNameA
RegSetValueExA
RegCreateKeyExA

shell32

ShellExecuteA

ws2_32

WSACleanup
gethostbyname
WSAStartup
htons
inet_addr
send
recv
connect
socket

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

2d0ad6a47e7817e11eea7969ae525792

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ws2_32

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 11KB - Virtual size: 16KB

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 11KB - Virtual size: 16KB