_HookProc@12
Static task
static1
Behavioral task
behavioral1
Sample
833c3a86abb783d442aee798e860b0be_JaffaCakes118.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
833c3a86abb783d442aee798e860b0be_JaffaCakes118.exe
Resource
win10v2004-20240730-en
General
Target
833c3a86abb783d442aee798e860b0be_JaffaCakes118
Size
49KB
MD5
833c3a86abb783d442aee798e860b0be
SHA1
c404fd84d801aa993559cc945c2a8543b9620a14
SHA256
9cb55a5c1c3f171326fb3be761d8478445dbcdf13f730a089aac141ed5f4ffa5
SHA512
ed4c66ddf9f9d659b26ad458ff216d73d44063a06dba5a629826910ce045f11fb3448fbbbc3061ce72494ac0278f5364b7fd4a8daf959bb8b0d566e325ac755e
SSDEEP
1536:MXxAzAAC/bx5a9Hn9+TYcFfXwmhAxJocOX9L+Q7uk2v9tdcRBazgdO1F:MXxAzAAC/bx5a9Hn9+McFfXwmhAxJocB
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 833c3a86abb783d442aee798e860b0be_JaffaCakes118
Files
833c3a86abb783d442aee798e860b0be_JaffaCakes118.exe windows:1 windows x86 arch:x86
da1578c5a6a8f3831d5758f5458f6345
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
wininet
InternetCloseHandle
InternetConnectA
InternetOpenA
InternetOpenUrlA
InternetReadFile
FtpPutFileA
shell32
ShellExecuteA
psapi
EnumProcessModules
EnumProcesses
GetModuleBaseNameA
kernel32
GetCommandLineA
GetCurrentProcessId
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetSystemDirectoryA
CloseHandle
GetTempPathA
GetTickCount
GlobalAlloc
GlobalFree
CopyFileA
MultiByteToWideChar
OpenProcess
QueryPerformanceCounter
QueryPerformanceFrequency
RtlUnwind
CreateFileA
SetFilePointer
Sleep
TerminateProcess
WriteFile
CreateProcessA
CreateThread
user32
DialogBoxIndirectParamA
GetForegroundWindow
SetWindowsHookExA
CallNextHookEx
ShowWindow
CreateWindowExA
advapi32
LookupPrivilegeValueA
OpenProcessToken
AdjustTokenPrivileges
RegDeleteValueA
RegCreateKeyExA
RegCloseKey
RegSetValueExA
ws2_32
WSACleanup
inet_ntoa
inet_addr
htons
htonl
socket
gethostbyname
connect
closesocket
setsockopt
sendto
WSAStartup
WSASocketA
send
WSAGetLastError
recv
crtdll
_iob
_itoa
__GetMainArgs
_sleep
_strnicmp
atoi
atol
exit
fclose
fgets
fopen
fputc
localeconv
memcpy
memmove
memset
pow
puts
raise
rand
signal
srand
strcat
strchr
strncmp
strncpy
strstr
strtok
strtol
wcslen
wctomb
Exports
Sections
.text Size: 35KB - Virtual size: 35KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.bss Size: - Virtual size: 2KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.edata Size: 84B - Virtual size: 84B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ