8ac2c30c007e01151ab9d30200136817_JaffaCakes118

General

Target

8ac2c30c007e01151ab9d30200136817_JaffaCakes118
Size

14KB
MD5

8ac2c30c007e01151ab9d30200136817
SHA1

557651933b759456d45dadd2ff17954942631887
SHA256

d050000a084f749823c45a2a5ac6df54ba72aefdd9c594632a83d16296b68808
SHA512

ed23c3f590b61e73413d9bcfff9a7f1851adf3380c15f62fe7e59a3053927906773e0a0163d9669185a25d54914f0d1d338f376156f17faf7d5c7ffc094c30cd
SSDEEP

192:6UDOCE7bYOtc7pXg84376tOzXziNIPIykG4RRXc1zw8IYi+LkkNl:6UDOrHeNwnL6wHuLRRdYP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8ac2c30c007e01151ab9d30200136817_JaffaCakes118

Files

8ac2c30c007e01151ab9d30200136817_JaffaCakes118
.exe windows:4 windows x86 arch:x86

1c018e998bd30a71ebb813c2882f8592

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateToolhelp32Snapshot
HeapFree
ReadFile
HeapAlloc
GetProcessHeap
GetFileInformationByHandle
CreateFileA
lstrcatA
GetSystemDirectoryA
GetProcAddress
Process32First
LocalFree
lstrlenA
IsBadReadPtr
GetVersionExA
Sleep
GetVolumeInformationA
GetWindowsDirectoryA
LoadLibraryA
Process32Next
OpenProcess
CreateRemoteThread
VirtualAlloc
ReadProcessMemory
VirtualFreeEx
VirtualAllocEx
VirtualProtectEx
WriteProcessMemory
GetCurrentProcess
GetModuleHandleA
CloseHandle
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
RtlUnwind

advapi32

RegEnumKeyExA
RegQueryValueExA
RegCloseKey
GetSecurityInfo
GetUserNameA
SetEntriesInAclA
SetSecurityInfo
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegOpenKeyExA

ws2_32

inet_addr
socket
WSAStartup
WSACleanup
htons
connect
send
closesocket

urlmon

URLDownloadToFileA

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1c018e998bd30a71ebb813c2882f8592

Headers

File Characteristics

Imports

kernel32

advapi32

ws2_32

urlmon

Sections

.text Size: 12KB - Virtual size: 11KB

.data Size: 512B - Virtual size: 1KB

.CRT Size: 512B - Virtual size: 8B

.rsrc Size: 512B - Virtual size: 176B

.text
Size: 12KB - Virtual size: 11KB

.data
Size: 512B - Virtual size: 1KB

.CRT
Size: 512B - Virtual size: 8B

.rsrc
Size: 512B - Virtual size: 176B