8d251ef81b1e2251601a7b2b0c03ec05_JaffaCakes118

General

Target

8d251ef81b1e2251601a7b2b0c03ec05_JaffaCakes118
Size

15KB
MD5

8d251ef81b1e2251601a7b2b0c03ec05
SHA1

6ec3c145ed60657eac44efee2e262b785cb7ea1e
SHA256

33774900681b25519d0b023d6d78a043cc2dff0a21d6f6df89e314c91118c0fd
SHA512

fdc8f60a5e7bb474a5f6b3d94d332b728c16f24f8660257d2fd7d531c501f3c9e6f1f6de33a347b009f5b8321c22b360589ba84dae9576e15ee96e85c9683a78
SSDEEP

384:5Ow49LuHetd5YsLvLS2rKMMXAA3ZnEXxXEep1h+IxOKo5JKV:5f8LuHetvYWqpZnwxXnX8P5wV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8d251ef81b1e2251601a7b2b0c03ec05_JaffaCakes118

Files

8d251ef81b1e2251601a7b2b0c03ec05_JaffaCakes118
.exe windows:4 windows x86 arch:x86

224d87e3b38dda512e15d0ddb804d758

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

TerminateProcess
WaitForSingleObject
CreateThread
SetCurrentDirectoryA
GetWindowsDirectoryA
CreatePipe
GetComputerNameA
CreateProcessA
CopyFileA
GetTempPathA
OpenProcess
GetFileAttributesA
GetExitCodeProcess
ExpandEnvironmentStringsA
GetVolumeInformationA
GetDriveTypeA
lstrcatA
GetLogicalDrives
Process32Next
Process32First
CreateToolhelp32Snapshot
GetFileSize
CreateFileA
GetCurrentProcess
GetModuleHandleA
PeekNamedPipe
ReadFile
CloseHandle
WriteFile
Sleep
GetSystemDirectoryA
GetLastError
GetStartupInfoA

msvcrt

_strcmpi
__CxxFrameHandler
atol
sscanf
strrchr
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
malloc
strlen
strstr
??3@YAXPAX@Z
strcpy
memset
??2@YAPAXI@Z
sprintf
free
strcat
atoi

wininet

HttpSendRequestA
InternetQueryOptionA
InternetCloseHandle
InternetSetOptionA
HttpOpenRequestA
HttpAddRequestHeadersA
InternetOpenA
InternetReadFile
InternetConnectA

advapi32

CreateProcessAsUserA
ControlService
CloseServiceHandle
OpenServiceA
OpenSCManagerA
EnumServicesStatusExA
StartServiceA
OpenProcessToken

urlmon

URLDownloadToFileA

secur32

GetUserNameExA

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 792B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

224d87e3b38dda512e15d0ddb804d758

Headers

File Characteristics

Imports

kernel32

msvcrt

wininet

advapi32

urlmon

secur32

Sections

.text Size: 9KB - Virtual size: 8KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 2KB

.rsrc Size: 1024B - Virtual size: 792B

.text
Size: 9KB - Virtual size: 8KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 1024B - Virtual size: 792B