8556c08b091e7d7c5f89b420d88bb941_JaffaCakes118

General

Target

8556c08b091e7d7c5f89b420d88bb941_JaffaCakes118
Size

80KB
MD5

8556c08b091e7d7c5f89b420d88bb941
SHA1

82f2416d0acf240cf7318e70c737658cf4c6427d
SHA256

d118c53665521121cbf8b2bac5896854011249ef10a3c98579aefff241b9e912
SHA512

c6b30760dea56c0f6a6f4286dce0ffd61df1e26215c26c9149555160ef0fae1ad9c1d812bb1e0f5342f9ca862f52cd0f504848253d9819b9eb34ef96b7e745d6
SSDEEP

1536:mxpHYjN4LmliiJoRu9PnWp9mbwgAaICL0rgI/l:mn4j6SliAoQWC0gAaIhrgI/l

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8556c08b091e7d7c5f89b420d88bb941_JaffaCakes118

Files

8556c08b091e7d7c5f89b420d88bb941_JaffaCakes118
.exe windows:4 windows x86 arch:x86

ad8d2d1c30f7f4cde5d03d9b583c33f0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLastError
CreateMutexA
GetModuleFileNameA
HeapCreate
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
CreateThread
HeapFree
DeleteCriticalSection
CloseHandle
GetCurrentProcessId
GetCurrentThreadId
FlushFileBuffers
GetLocaleInfoA
GetTickCount
ExitProcess
Sleep
HeapAlloc
lstrlenA
SetEnvironmentVariableA
CompareStringW
CompareStringA
HeapSize
ReadFile
QueryPerformanceCounter
SetStdHandle
InterlockedExchange
RtlUnwind
LoadLibraryA
LCMapStringW
LCMapStringA
GetCPInfo
GetOEMCP
GetACP
GetStringTypeW
GetStringTypeA
CreateProcessA
WaitForSingleObject
GetExitCodeProcess
VirtualQuery
GetSystemInfo
VirtualProtect
MultiByteToWideChar
SetFilePointer
GetFileType
GetSystemTimeAsFileTime
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersionExA
GetProcAddress
TerminateProcess
GetCurrentProcess
GetFileAttributesA
HeapDestroy
VirtualFree
VirtualAlloc
HeapReAlloc
WriteFile
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetTimeZoneInformation

user32

wsprintfA

advapi32

RegCreateKeyExA
RegSetValueExA
RegCloseKey
RegDeleteValueA

ws2_32

WSAGetLastError
listen
WSAAccept
shutdown
getpeername
WSAStartup
send
recv
inet_addr
closesocket
htons
sendto
htonl
WSASocketA
setsockopt
ntohs
bind
getsockname
connect
ioctlsocket
select
__WSAFDIsSet
ntohl
recvfrom
gethostbyname

Sections

.text
Size: 60KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ad8d2d1c30f7f4cde5d03d9b583c33f0

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ws2_32

Sections

.text Size: 60KB - Virtual size: 57KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 4KB - Virtual size: 8KB

.text
Size: 60KB - Virtual size: 57KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 4KB - Virtual size: 8KB