a01fb73bd4946e2f286581396c7445a1_JaffaCakes118

General

Target

a01fb73bd4946e2f286581396c7445a1_JaffaCakes118
Size

14KB
MD5

a01fb73bd4946e2f286581396c7445a1
SHA1

7db8bf4b997b1248b5cf8316e56fa60a7a623c17
SHA256

9f05adad0b5879cf787cf124836b9f9668d66d7e7e8f3ee2bcbdd370bd484c55
SHA512

1d7f8474425a8155c727ef9647a6924c19a33f4469c571c6377a072bb8b9bc28b78e2aebf3b5ed97e980788ca4eeb9ecb6e239a9ec9d8b589d0427353332f80d
SSDEEP

192:KT1e8qamih6yEVyG+zjDmLrTdTdqN1v9RNOhlzro2dVeW0EM9sC:s1EamiwzcHm7dTds1nNOhlVVYEM9sC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a01fb73bd4946e2f286581396c7445a1_JaffaCakes118

Files

a01fb73bd4946e2f286581396c7445a1_JaffaCakes118
.exe windows:4 windows x86 arch:x86

dc5b4650a9019ffd320df734e7e7d530

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLastError
CreateRemoteThread
OutputDebugStringA
WriteProcessMemory
DuplicateHandle
GetCurrentProcess
GetProcAddress
GetModuleHandleA
VirtualAllocEx
Process32Next
Process32First
CreateToolhelp32Snapshot
TerminateJobObject
AssignProcessToJobObject
CreateJobObjectA
OpenProcess
FindClose
CreateEventA
GlobalFree
SetFileTime
WriteFile
GlobalAlloc
SetEndOfFile
ReadFile
SetFilePointer
FindFirstFileA
DeleteFileA
GetTickCount
SetCurrentDirectoryA
GetCurrentDirectoryA
GetTempPathA
GetSystemDirectoryA
FreeLibrary
LoadLibraryA
WaitForSingleObject
SetEvent
CreateThread
CreateProcessA
Sleep
GetModuleFileNameA
GetWindowsDirectoryA
lstrcmpA
CreateFileA
CopyFileA
WinExec
SetFileAttributesA
GetFileSize
CloseHandle
FindNextFileA
ExitProcess

user32

wsprintfA

advapi32

LookupPrivilegeValueA
AdjustTokenPrivileges
CreateServiceA
ChangeServiceConfig2A
StartServiceCtrlDispatcherA
OpenSCManagerA
OpenServiceA
StartServiceA
CloseServiceHandle
RegisterServiceCtrlHandlerA
SetServiceStatus
RegOpenKeyExA
RegSetValueExA
GetUserNameA
OpenProcessToken

ws2_32

htons
connect
inet_addr
gethostbyname
WSASocketA
WSAStartup

shlwapi

StrStrA

msvcrt

srand
rand
sprintf
strstr
_except_handler3
atoi

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dc5b4650a9019ffd320df734e7e7d530

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ws2_32

shlwapi

msvcrt

Sections

.text Size: 6KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 1024B - Virtual size: 1KB

.rsrc Size: 3KB - Virtual size: 3KB

.text
Size: 6KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 1024B - Virtual size: 1KB

.rsrc
Size: 3KB - Virtual size: 3KB