956c14e0d8246adc164a60cd0e8ce59f_JaffaCakes118

General

Target

956c14e0d8246adc164a60cd0e8ce59f_JaffaCakes118
Size

24KB
MD5

956c14e0d8246adc164a60cd0e8ce59f
SHA1

3239f3702b24589c7892e5ac9788793815836418
SHA256

85becc9cefb91aa7d003226ab5d5a51c469ead1204084b8aa6380e4b294f7810
SHA512

ac8ff46659d5c2ff3e62a8bdf6c35c8e8e6aa17d128db6c8bf7d2ba49d8ce3fb03fe1cd9b7232c79d0ed5a9506a710756fcec047b8c7d47c0595da6bf88795b0
SSDEEP

384:sTXc8LvMN9s7cVP6dq2ZRX9K2mNAulnWREWLt:sweUg7yP602ZRX9K2m2UWRE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
956c14e0d8246adc164a60cd0e8ce59f_JaffaCakes118

Files

956c14e0d8246adc164a60cd0e8ce59f_JaffaCakes118
.exe windows:4 windows x86 arch:x86

bce03aa9ddb0d0505d23ffd370a4f676

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

InternetReadFile
InternetOpenA
InternetCloseHandle
HttpOpenRequestA
HttpSendRequestA
HttpQueryInfoA
InternetErrorDlg
InternetConnectA

advapi32

RegQueryValueExA
RegCloseKey
GetUserNameA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegOpenKeyExA

user32

PostThreadMessageA
GetDesktopWindow
GetMessageA

msvcrt

strlen
fclose
fwrite
fopen
strncmp
free
atoi
_sleep
_strnicmp
fscanf
strcat
strncpy
memset
_snprintf
realloc
malloc
fflush
_filelength
memcpy
_exit
_XcptFilter
_strdup
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
sprintf
strrchr
exit
_strupr
_acmdln

iphlpapi

GetAdaptersInfo

ws2_32

inet_ntoa
gethostbyname
WSAStartup
WSACleanup
gethostname

shell32

DoEnvironmentSubstA

shlwapi

PathFileExistsA

psapi

EnumProcessModules
GetModuleBaseNameA
EnumProcesses

kernel32

OpenProcess
GetVersionExA
DeleteFileA
GetModuleHandleA
GetStartupInfoA
GetComputerNameA
CreateProcessA
SetFileAttributesA
CreateFileA
DeviceIoControl
CloseHandle
GetCurrentThreadId
CreateMutexA
GetModuleFileNameA
Sleep
GetLastError

Sections

.text
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

bce03aa9ddb0d0505d23ffd370a4f676

Headers

File Characteristics

Imports

wininet

advapi32

user32

msvcrt

iphlpapi

ws2_32

shell32

shlwapi

psapi

kernel32

Sections

.text Size: 12KB - Virtual size: 8KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 6KB

.text
Size: 12KB - Virtual size: 8KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 6KB