Static task: static1
Behavioral task: behavioral1
Sample: 832b91c50ca841649283c58e2c9a5f49_JaffaCakes118.exe
Resource: win7-20240729-en
Behavioral task: behavioral2
Sample: 832b91c50ca841649283c58e2c9a5f49_JaffaCakes118.exe
Resource: win10v2004-20240730-en
General
Target: 832b91c50ca841649283c58e2c9a5f49_JaffaCakes118
Size: 84KB
MD5: 832b91c50ca841649283c58e2c9a5f49
SHA1: 18b5f0f7cf601984431c5b2fd9ba171a4f090963
SHA256: 648769dedaef934d253d8d8721db7a23110a1ffd0f9a4764568819a63283ae88
SHA512: 011ab0937a089eb961799f292b0d6099bd93c87e2fd3d5793a9041f3061e867bd9216d0e4a6da42b01d32857499c1fc84b0e895ef2315381344922ff128c5a30
SSDEEP: 1536:YkiB4PibODEBbSyVXstJr/ic0Xiqh6WxyhSUymL+++PZGPzO:Yk6qiIgOztJujdxjmL+++PU6
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 832b91c50ca841649283c58e2c9a5f49_JaffaCakes118
Files
832b91c50ca841649283c58e2c9a5f49_JaffaCakes118.exe windows:4 windows x86 arch:x86
7d49edf9c5467366fa65f4aad56809df
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
FindFirstFileA
GetFileSize
Sleep
FreeLibrary
TerminateThread
GetCurrentDirectoryA
SetFilePointer
GetModuleFileNameA
GetTickCount
GetTempPathA
ExitProcess
VirtualQuery
VirtualProtect
ExitThread
Process32Next
Module32First
Process32First
CreateToolhelp32Snapshot
lstrcmpiA
TerminateProcess
FindClose
CreateDirectoryA
GetLogicalDriveStringsA
FindNextFileA
lstrcatA
lstrcpyA
FileTimeToSystemTime
GetLastError
LoadLibraryA
GetVersionExA
GetLocaleInfoA
GlobalMemoryStatus
GlobalLock
GlobalUnlock
GlobalAlloc
CreateMutexA
DeleteFileA
CreateFileA
GetCurrentProcessId
IsBadReadPtr
GetStartupInfoA
ReleaseSemaphore
CreateSemaphoreA
WaitForSingleObject
LocalFree
GetModuleHandleA
GetProcAddress
GetFileInformationByHandle
GetProcessHeap
HeapAlloc
HeapFree
OpenProcess
CloseHandle
user32
wsprintfA
mouse_event
SetCursorPos
GetDC
GetActiveWindow
GetWindowTextA
IsWindowVisible
MessageBoxA
SendMessageA
ShowWindow
GetClipboardData
OpenClipboard
FindWindowA
CloseClipboard
EmptyClipboard
EnumWindows
SetClipboardData
BringWindowToTop
gdi32
GetDeviceCaps
advapi32
RegOpenKeyA
SetSecurityInfo
SetEntriesInAclA
GetUserNameA
GetSecurityInfo
RegEnumKeyExA
RegEnumValueA
shell32
SHFileOperationA
ws2_32
gethostname
inet_ntoa
getsockname
inet_addr
WSACleanup
select
gethostbyname
__WSAFDIsSet
WSAStartup
socket
htons
bind
accept
shutdown
closesocket
listen
msvcrt
malloc
rand
sprintf
free
strlen
memset
strcmp
_strcmpi
__CxxFrameHandler
strcpy
strstr
??3@YAXPAX@Z
_stricmp
??2@YAPAXI@Z
strtok
srand
strncpy
atoi
strcat
memcpy
avicap32
capGetDriverDescriptionA
wininet
FtpPutFileA
InternetCheckConnectionA
Sections
.text Size: 64KB - Virtual size: 63KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 1.8MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE