8a840327cc8e8a4295f98ffef7be23d1_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

8a840327cc8e8a4295f98ffef7be23d1_JaffaCakes118
Size

23KB
MD5

8a840327cc8e8a4295f98ffef7be23d1
SHA1

42e79ac215aebaec1039244fba0fea23fad4aded
SHA256

3b81cd6fa6bb9a61fffc02091f8ef29a618c5d887d7bfe7b488f807f96d79be1
SHA512

7e99e2204dc1dcde2ea68edd25d3957367d5f157a6ae6352a4e2b0d7173ccb7ec1574433d9f946da782c5471c09d004d14e3c0eac30fad52f032f082a4bb5435
SSDEEP

384:AIhe9yS6v7BwYbjTfWy3Tn0bhcix5i8G8YLiQGzV32J/qEJm7nuyh4bGhE0AE:rg96vPjzWy3Tn0F15Cwz4J/qWyub

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8a840327cc8e8a4295f98ffef7be23d1_JaffaCakes118

Files

8a840327cc8e8a4295f98ffef7be23d1_JaffaCakes118
.exe windows:4 windows x86 arch:x86

25cad75200b56cd365b04c5f375dac8c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CreateStreamOnHGlobal
CoTaskMemFree

kernel32

GetWindowsDirectoryA
GetDiskFreeSpaceA
GetDriveTypeA
CloseHandle
CreateFileA
CreateFileMappingA
CreateToolhelp32Snapshot
ExitProcess
lstrlenW
FindClose
FindFirstFileA
FindNextFileA
GetComputerNameA
GetCurrentDirectoryA
lstrlenA
lstrcpynA
lstrcpyA
lstrcmpiA
lstrcmpA
lstrcatA
WriteFile
WideCharToMultiByte
UnmapViewOfFile
Sleep
ReadFile
Process32Next
Process32First
OpenProcess
MultiByteToWideChar
MapViewOfFile
LocalFree
LocalAlloc
LoadLibraryA
GlobalMemoryStatus
GlobalFree
GlobalAlloc
GetFileSize
GetVolumeInformationA
GetVersionExA
GetTempPathA
GetSystemDirectoryA
GetProcAddress
GetPrivateProfileStringA
GetPrivateProfileSectionNamesA
GetPrivateProfileIntA
GetModuleFileNameA
GetLogicalDrives
GetLocaleInfoA
GetLocalTime
GetLastError
GetCurrentProcess

user32

ReleaseDC
GetDC
wsprintfA

oleaut32

SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayCreateVector

advapi32

AdjustTokenPrivileges
RegEnumValueA
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegOpenKeyA
LookupPrivilegeValueA
RegEnumKeyExA
RegCloseKey
OpenProcessToken
GetUserNameA

shlwapi

StrCmpNA
StrRChrA
StrChrA
StrStrIA

shell32

ShellExecuteA

wsock32

socket
send
recv
gethostname
connect
closesocket
WSAStartup

ws2_32

WSAIoctl

rasapi32

RasGetEntryDialParamsA
RasEnumEntriesA
RasGetEntryPropertiesA

gdi32

GetDeviceCaps

Sections

.text
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 185KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

19G8POW4
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

25cad75200b56cd365b04c5f375dac8c

Headers

File Characteristics

Imports

ole32

kernel32

user32

oleaut32

advapi32

shlwapi

shell32

wsock32

ws2_32

rasapi32

gdi32

Sections

.text Size: 15KB - Virtual size: 14KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 185KB

19G8POW4 Size: 512B - Virtual size: 4KB

.text
Size: 15KB - Virtual size: 14KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 185KB

19G8POW4
Size: 512B - Virtual size: 4KB