8beae9908ba690e1ea369602e24a4a4c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

8beae9908ba690e1ea369602e24a4a4c_JaffaCakes118
Size

396KB
MD5

8beae9908ba690e1ea369602e24a4a4c
SHA1

4d0f9bc346ea150e57205f17726c90afe6dec4a0
SHA256

43ee453a86e1e972654d7e717ecc531b7bc2cf06f172e08aee111e7db1906265
SHA512

6a01a5136ed4459c76c17f3ef0170f99ba439061ac58e7d5b08ba360b6d4ae81818a458d90605d761faed5507f653a047660d21dacd11844b34e0d851685504a
SSDEEP

3072:uRpZn6A2TzcUec1eMcQC9nAkMhOiB7MowCCiQf79ER/D5+RL7YdhldmCXgRGelRZ:GpZn/Ahx0Mq+kiPICXR/YRQSR/UJW6I

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8beae9908ba690e1ea369602e24a4a4c_JaffaCakes118

Files

8beae9908ba690e1ea369602e24a4a4c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

cc18637dc87d0c3db72dd5041f0c97cf

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
GetProcAddress
LoadLibraryA
SetErrorMode
DeleteFileA
TerminateProcess
OpenProcess
ExpandEnvironmentStringsA
UnmapViewOfFile
MapViewOfFile
GetTempPathA
GetVersionExA
GlobalMemoryStatus
GetOEMCP
GetACP
GetCPInfo
GetStringTypeW
GetStringTypeA
FlushFileBuffers
SetStdHandle
CreateMutexA
GetLastError
ExitProcess
GetSystemDirectoryA
GetModuleFileNameA
CopyFileA
TerminateThread
CreateThread
CreateFileA
GetTickCount
WriteFile
CloseHandle
CreateProcessA
Sleep
CreateFileMappingA
ExitThread
RtlUnwind
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
SetFilePointer
GetFileType
GetStdHandle
SetHandleCount
ReadFile
SetEndOfFile
LCMapStringW
LCMapStringA
MultiByteToWideChar
WideCharToMultiByte
IsBadWritePtr
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetVersion
GetCommandLineA
GetStartupInfoA
GetCurrentProcess
HeapAlloc
HeapFree

user32

GetWindowTextA
FindWindowA
SendMessageA
GetForegroundWindow
GetAsyncKeyState
GetKeyState

advapi32

StartServiceA
OpenServiceA
ControlService
DeleteService
OpenSCManagerA
CreateServiceA
CloseServiceHandle
ChangeServiceConfig2A
RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
GetUserNameA

shell32

ShellExecuteA

ws2_32

getsockname
bind
listen
select
accept
WSACleanup
htons
inet_addr
socket
connect
recv
gethostbyaddr
send
closesocket
gethostbyname
ioctlsocket
WSAAsyncSelect
ntohs
WSAIoctl
gethostname
__WSAFDIsSet
WSAStartup
inet_ntoa

wininet

InternetReadFile
FtpGetFileA
InternetConnectA
InternetOpenA
FtpPutFileA
InternetCloseHandle
InternetOpenUrlA

netapi32

NetShareDel

psapi

EnumProcesses
EnumProcessModules
GetModuleBaseNameA

Sections

.text
Size: 376KB - Virtual size: 376KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ifc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

cc18637dc87d0c3db72dd5041f0c97cf

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ws2_32

wininet

netapi32

psapi

Sections

.text Size: 376KB - Virtual size: 376KB

.rsrc Size: 4KB - Virtual size: 4KB

.ifc Size: 12KB - Virtual size: 12KB

.text
Size: 376KB - Virtual size: 376KB

.rsrc
Size: 4KB - Virtual size: 4KB

.ifc
Size: 12KB - Virtual size: 12KB