8424ce5210d23fc186aac3ee87368f19_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

8424ce5210d23fc186aac3ee87368f19_JaffaCakes118
Size

68KB
MD5

8424ce5210d23fc186aac3ee87368f19
SHA1

f4a9814986c91f4401fb9c0c3338c0a4b5dac342
SHA256

1feeb2533faa7cee11582bec591e1d5170fe0b9a9a51295e4622658de657c90a
SHA512

4237291164a37cd21bcd16e0d26e0e86dd344e204c3eb952eaa896fb78c77f24ae7a4c4805f6a1b6767a209a27a00ef9398dee0571d95293f07945f4b9b1100d
SSDEEP

768:KQbxw/ncaPO7ZE+BcDYVdSleCOZ1dzEkidMNSAi1QCLQ0F/8g9tCaC:jb20aPOFE+BhVjzEkidMBOQYQzEt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8424ce5210d23fc186aac3ee87368f19_JaffaCakes118

Files

8424ce5210d23fc186aac3ee87368f19_JaffaCakes118
.exe windows:4 windows x86 arch:x86

2157748b5be8b4a8686cd8d88ea63ec0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

inet_addr
select
WSAStartup
gethostbyname
sendto
WSACleanup
htons
socket
connect
send
closesocket
recv

user32

FindWindowA
CharLowerA

advapi32

RegCloseKey
DeleteService
ControlService
CreateServiceA
LockServiceDatabase
QueryServiceLockStatusA
ChangeServiceConfig2A
UnlockServiceDatabase
OpenSCManagerA
OpenServiceA
StartServiceA
CloseServiceHandle
RegisterServiceCtrlHandlerA
SetServiceStatus
StartServiceCtrlDispatcherA
RegCreateKeyExA
GetUserNameA
RegSetValueExA

shfolder

SHGetFolderPathA

kernel32

MultiByteToWideChar
GetCPInfo
CompareStringA
CompareStringW
GetACP
GetOEMCP
SetEnvironmentVariableA
GetStringTypeA
GetStringTypeW
GetExitCodeProcess
GetProcAddress
LoadLibraryA
SetEndOfFile
LCMapStringA
LCMapStringW
CreateMutexA
SetFilePointer
FlushFileBuffers
CloseHandle
ReadProcessMemory
OpenProcess
Module32Next
DeleteFileA
Sleep
TerminateProcess
SetFileAttributesA
Module32First
CreateToolhelp32Snapshot
ExitThread
Process32Next
Process32First
GetModuleFileNameA
GetModuleHandleA
CreateProcessA
ExitProcess
GetTickCount
GetVersionExA
GetLocaleInfoA
CreateThread
CreateFileA
ReleaseMutex
GetComputerNameA
GetDriveTypeA
lstrcmpiA
GetLastError
CreateDirectoryA
OpenMutexA
SetErrorMode
WaitForSingleObject
SetEvent
LocalFree
LocalAlloc
CopyFileA
GetLogicalDriveStringsA
HeapAlloc
GetStartupInfoA
GetCommandLineA
GetVersion
HeapFree
WriteFile
WideCharToMultiByte
GetCurrentProcess
ReadFile
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
GetFileAttributesA
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
RtlUnwind
SetStdHandle

Sections

.text
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

2157748b5be8b4a8686cd8d88ea63ec0

Headers

File Characteristics

Imports

ws2_32

user32

advapi32

shfolder

kernel32

Sections

.text Size: 46KB - Virtual size: 45KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 17KB - Virtual size: 26KB

.text
Size: 46KB - Virtual size: 45KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 17KB - Virtual size: 26KB