823144c791ad3d980b03c547571c6f02_JaffaCakes118

General

Target

823144c791ad3d980b03c547571c6f02_JaffaCakes118
Size

48KB
MD5

823144c791ad3d980b03c547571c6f02
SHA1

b6d0f0ee13772cb7646dae0dc12a2b2bd07e946e
SHA256

486022a6a3e16eb93897e76a165354628584ed71c73ebbf76903032a564b2c20
SHA512

68697b41af352c3ad1540219016e609eb21624b37f11fc2eb27fd4c2607d3d698c8c57c0ba89bdc89ca36402fdfc1512471e5b1590f6424ab0e35e69ee73eeec
SSDEEP

384:Par2d0oWoIXQ45FlDvCUZxOTuarmlixDeDvMujn5tfu4b/kvb/ySYsZ5yGDHcamh:ParjCA8q0erMuDz2C/kvb/Io8aNDo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
823144c791ad3d980b03c547571c6f02_JaffaCakes118

Files

823144c791ad3d980b03c547571c6f02_JaffaCakes118
.exe windows:4 windows x86 arch:x86

9cbae6324b8b4c74d4782def826140be

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
Process32First
CreateToolhelp32Snapshot
lstrlenA
GetModuleFileNameA
GetTickCount
GetCurrentProcessId
LoadLibraryA
Process32Next
TerminateProcess
OpenProcess
DeleteFileA
GetCurrentDirectoryA
GetEnvironmentVariableA
DeviceIoControl
CreateFileA
CopyFileA
Sleep
GetProcAddress
GetModuleHandleA
GetStartupInfoA
HeapAlloc
HeapFree
MultiByteToWideChar
RtlUnwind
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
WriteFile
SetFilePointer
ReadFile
GetLastError
LCMapStringA
SetEndOfFile
GetOEMCP
LCMapStringW
GetACP
GetCPInfo
FlushFileBuffers
SetStdHandle
GetStringTypeW
GetStringTypeA
VirtualAlloc
GetCommandLineA
ExitProcess
GetCurrentProcess
HeapReAlloc
GetVersion
HeapDestroy
HeapCreate
VirtualFree

user32

SetTimer
wsprintfA
GetMessageA
DispatchMessageA
TranslateMessage
IsWindow
FindWindowExA

advapi32

RegCreateKeyA
RegSetValueExA

shell32

ShellExecuteA

wsock32

socket
recv
WSAStartup
gethostbyname
WSACleanup
connect
send
closesocket
htons

Sections

.text
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9cbae6324b8b4c74d4782def826140be

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

wsock32

Sections

.text Size: 32KB - Virtual size: 28KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 8KB

.rsrc Size: 4KB - Virtual size: 256B

.text
Size: 32KB - Virtual size: 28KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 8KB

.rsrc
Size: 4KB - Virtual size: 256B