8d99195d6925c19fd5e4a3c6af99e41f_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

8d99195d6925c19fd5e4a3c6af99e41f_JaffaCakes118
Size

81KB
MD5

8d99195d6925c19fd5e4a3c6af99e41f
SHA1

27928d314be57f2b8e90f33cd33da273a985c2f9
SHA256

f611c637e3c8d8b72ac3af08c2fb0e79d2f35c4b2c5e923baa2a120474f54f2b
SHA512

584dd24d39a5b1c6acf18be5c98959a2cd2d6b202b43fbebb4068724e0ec47a877237cdfce4b1a53fc71eb245c491c024b881efec2182b6bfd8d507799e9e17c
SSDEEP

768:OsWUWcY9b13BnNU1PgZ2rQ2lye285D495lnQ+gcHxgxL19cQXttwyjjzmSVxVsZi:QcYxD9aL4Q9bOQXttwyjnmwIvMohQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8d99195d6925c19fd5e4a3c6af99e41f_JaffaCakes118

Files

8d99195d6925c19fd5e4a3c6af99e41f_JaffaCakes118
.exe windows:4 windows x86 arch:x86

82dee4f2fe8eaa65159a57ee8f395173

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
WriteFile
CreateFileA
GetTempPathA
GetTickCount
ExitThread
GetComputerNameA
HeapFree
CreateProcessA
HeapAlloc
GetProcessHeap
GetLocaleInfoA
ExitProcess
ExpandEnvironmentStringsA
GetCurrentProcessId
GetCurrentDirectoryA
CreateMutexA
SetErrorMode
GetCurrentProcess
FreeLibrary
GetProcAddress
LoadLibraryA
GetModuleHandleA
GetModuleFileNameA
GetWindowsDirectoryA
lstrcmpiA
GetFileAttributesA
SetFileAttributesA
CopyFileA
GetLastError
GetVersionExA
Sleep
LCMapStringA
SetStdHandle
ReadFile
GetOEMCP
GetACP
GetCPInfo
LCMapStringW
GetStringTypeW
GetStringTypeA
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
FlushFileBuffers
SetFilePointer
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
MultiByteToWideChar
RtlUnwind
GetStartupInfoA
GetCommandLineA
GetVersion
RaiseException
TerminateProcess
HeapReAlloc
HeapSize
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
UnhandledExceptionFilter
FreeEnvironmentStringsA

advapi32

LookupPrivilegeValueA
AdjustTokenPrivileges
RegCreateKeyExA
RegSetValueExA
RegCloseKey
GetUserNameA
OpenProcessToken

shell32

ShellExecuteA

ws2_32

recv
WSACleanup
WSAStartup
inet_addr
gethostbyname
send
closesocket
select
htons
socket
connect

urlmon

URLDownloadToFileA

shlwapi

PathRemoveFileSpecA

ntdll

NtQuerySystemInformation
ZwSystemDebugControl

Sections

.text
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

82dee4f2fe8eaa65159a57ee8f395173

Headers

File Characteristics

Imports

kernel32

advapi32

shell32

ws2_32

urlmon

shlwapi

ntdll

Sections

.text Size: 59KB - Virtual size: 58KB

.rdata Size: 8KB - Virtual size: 8KB

.data Size: 13KB - Virtual size: 23KB

.text
Size: 59KB - Virtual size: 58KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 13KB - Virtual size: 23KB