8daabd07ea6c74d65a29bb6b5a4789c8_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

8daabd07ea6c74d65a29bb6b5a4789c8_JaffaCakes118
Size

26KB
MD5

8daabd07ea6c74d65a29bb6b5a4789c8
SHA1

227f194c48ece5e5837ff65e32656e8e9d6e6d06
SHA256

e2e1a41b2b681bcda226e5a39d39c1df6b4d86886e1cd529c1817eaf7063b622
SHA512

b79fa8f0abe6cf23961bafbad1c135ba2abb9a2a79de2804bf55b5cdbd56dcb216229353ae2f66431484150f5530c79153043d644ed00425a719f80219a84eb9
SSDEEP

768:GBTDRqRYY1vScAD9isivql1wFCvaCZWoCZBBL96f:GBTDQSads9Jivql1DvbuB8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8daabd07ea6c74d65a29bb6b5a4789c8_JaffaCakes118

Files

8daabd07ea6c74d65a29bb6b5a4789c8_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b5d9e02a04b1ed277783c2aabbf55174

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

WSAStartup
WSACleanup
ioctlsocket
gethostbyname

shlwapi

SHDeleteKeyA

kernel32

lstrcpyA
GetCurrentProcessId
GetModuleFileNameA
GetModuleHandleA
lstrcatA
lstrlenA
WritePrivateProfileStringA
GetPrivateProfileSectionNamesA
Sleep
PulseEvent
CreateThread
HeapFree
GetTickCount
GetCurrentThreadId
UnmapViewOfFile
WaitForSingleObject
GetLastError
CreateEventA
lstrcmpA
FreeLibrary
LoadLibraryA
lstrcpynA
CloseHandle
OpenEventA
MapViewOfFileEx
CreateFileMappingA
VirtualAlloc
VirtualFree
GetProcAddress
VirtualProtect
HeapReAlloc
SetThreadContext
OutputDebugStringA
WriteProcessMemory
VirtualProtectEx
GetThreadContext
ResumeThread
DuplicateHandle
CreateRemoteThread
OpenProcess
CreateProcessA
GetCurrentProcess
GetVersionExA
Process32Next
Process32First
CreateToolhelp32Snapshot
lstrcmpiA
VirtualAllocEx
IsBadReadPtr
GetProcessHeap
VirtualQuery
OpenFile
SetFileTime
GetFileTime
CreateFileA
GetFileAttributesA
GetSystemDirectoryA
DeleteFileA
WinExec
GetWindowsDirectoryA
CopyFileA
MapViewOfFile
SetLastError
RemoveDirectoryA
ExitProcess
TerminateThread
GetCurrentThread
HeapAlloc
FlushInstructionCache

user32

GetMessageA
MessageBoxA
wsprintfA
TranslateMessage
DispatchMessageA

advapi32

RegCloseKey
RegDeleteValueA
RegCreateKeyExA
RegEnumValueA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
OpenProcessToken
GetTokenInformation
AdjustTokenPrivileges
RegSetValueExA
RegQueryValueExA
RegQueryInfoKeyA
RegOpenKeyExA
RegEnumKeyExA

shell32

SHGetSpecialFolderPathA
ShellExecuteA

wininet

InternetOpenA
HttpSendRequestA
HttpAddRequestHeadersA
HttpOpenRequestA
InternetConnectA
HttpQueryInfoA
InternetCanonicalizeUrlA
InternetCloseHandle
InternetCrackUrlA
InternetReadFile
InternetQueryDataAvailable

Exports

Exports

StartDownload
_WorkProc@4
__mp@4

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b5d9e02a04b1ed277783c2aabbf55174

Headers

File Characteristics

Imports

wsock32

shlwapi

kernel32

user32

advapi32

shell32

wininet

Exports

Exports

Sections

.text Size: 23KB - Virtual size: 22KB

.reloc Size: 2KB - Virtual size: 1KB

.text Size: 512B - Virtual size: 4KB

.text
Size: 23KB - Virtual size: 22KB

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 512B - Virtual size: 4KB