8585a45f8ac358081c5493563fa603d2_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

8585a45f8ac358081c5493563fa603d2_JaffaCakes118
Size

60KB
MD5

8585a45f8ac358081c5493563fa603d2
SHA1

ceb63171538cbfd70bcf32a27dc2df314f34545d
SHA256

652a1cdc465e4371c59b6871e9a89f754a7803cc5445a41f38ed785aafb45e7b
SHA512

6be8253dd0d71a4ec46c8fb9570e94b44af0e353851af3db831974b3e85391074a09a620df224af85eaa09e6e02337269eb4c8f190088dca79a8ec8327e9be0f
SSDEEP

768:pGDbNXxKF9obEvu2884x3TwZDn6hrw4FUhFpkZGMU5Ao:pG1BKFK55x3TwZDn6hDFEFcJ5o

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8585a45f8ac358081c5493563fa603d2_JaffaCakes118

Files

8585a45f8ac358081c5493563fa603d2_JaffaCakes118
.exe windows:4 windows x86 arch:x86

3f2e57a6c45cea70b4c7fcd2ba43dcc9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

inet_addr
htons
WSAStartup
socket
WSACleanup
sendto
closesocket

kernel32

LoadLibraryA
lstrlenA
lstrcmpA
VirtualAlloc
GetCurrentProcess
LeaveCriticalSection
EnterCriticalSection
Process32Next
TerminateProcess
Process32First
CreateToolhelp32Snapshot
Sleep
GetProcAddress
FreeLibrary
LocalFree
LocalAlloc
DeleteCriticalSection
GetShortPathNameA
GetModuleFileNameA
InitializeCriticalSection
GetACP
GetStringTypeW
GetStringTypeA
CreateFileA
GetCurrentProcessId
OpenProcess
VirtualAllocEx
GetLastError
ReadProcessMemory
VirtualQueryEx
VirtualProtectEx
WriteProcessMemory
CreateRemoteThread
WaitForSingleObject
VirtualFreeEx
CloseHandle
GetVersionExA
GetModuleHandleA
GetOEMCP
SetEndOfFile
ReadFile
GetPrivateProfileStringA
FlushFileBuffers
SetStdHandle
ExitProcess
GetStartupInfoA
GetCommandLineA
GetVersion
HeapFree
HeapAlloc
InterlockedDecrement
InterlockedIncrement
HeapReAlloc
HeapSize
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetCurrentThreadId
TlsSetValue
TlsAlloc
SetLastError
TlsGetValue
HeapDestroy
HeapCreate
VirtualFree
RtlUnwind
WriteFile
SetFilePointer
GetCPInfo
MultiByteToWideChar
LCMapStringA
LCMapStringW

user32

FindWindowA
PostMessageA

advapi32

LockServiceDatabase
RegCreateKeyExA
RegSetValueExA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
StartServiceCtrlDispatcherA
QueryServiceLockStatusA
CreateServiceA
ChangeServiceConfigA
ChangeServiceConfig2A
DeleteService
RegisterServiceCtrlHandlerA
SetServiceStatus
OpenSCManagerA
OpenServiceA
CloseServiceHandle
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges

shell32

ShellExecuteExA

Sections

.text
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3f2e57a6c45cea70b4c7fcd2ba43dcc9

Headers

File Characteristics

Imports

ws2_32

kernel32

user32

advapi32

shell32

Sections

.text Size: 32KB - Virtual size: 30KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 8KB - Virtual size: 14KB

.reloc Size: 8KB - Virtual size: 4KB

.text
Size: 32KB - Virtual size: 30KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 8KB - Virtual size: 14KB

.reloc
Size: 8KB - Virtual size: 4KB