a483e53a5d46c51f18887062e0afb833_JaffaCakes118

General

Target

a483e53a5d46c51f18887062e0afb833_JaffaCakes118
Size

38KB
MD5

a483e53a5d46c51f18887062e0afb833
SHA1

6994edb5c48a617acd053a49ce2b8507106049ae
SHA256

25888413eb68a0944a0ca82030140a1c81dbcd48f63d0e9e3b028054a59d57b1
SHA512

8325f39f07cee7e57abd44c4612fcbc214b652fcba78f7fe0390db49a915baa3d764af3b3f48ba0d499567888ee6a6550bcec089198f4b799441447fb8822afb
SSDEEP

768:XDYmPd5Yu817m/yRHZskElEftEMEHUtdX3VBmMA:XDYmgu817Uysku2t17Fj3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a483e53a5d46c51f18887062e0afb833_JaffaCakes118

Files

a483e53a5d46c51f18887062e0afb833_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a957d76cbb5eb8a914b481f6b44b5e35

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

SHFileOperationA
ShellExecuteA

user32

RegisterClassExA
MessageBeep
UnhookWindowsHookEx
PostQuitMessage
SystemParametersInfoA
SetWindowsHookExA
SendMessageA
TranslateMessage
MessageBoxA
IsIconic
LoadIconA
LoadCursorA
CloseWindow
CreateWindowExA
DefWindowProcA
DispatchMessageA
GetForegroundWindow
GetMessageA
ExitWindowsEx
wsprintfA
FindWindowA

kernel32

GetVolumeInformationA
TerminateProcess
WinExec
GetProcAddress
GetDriveTypeA
lstrlenA
lstrcpynA
lstrcpyA
lstrcmpA
lstrcatA
CloseHandle
CopyFileA
CreateDirectoryA
CreateProcessA
DeleteFileA
ExitProcess
FindClose
FindFirstFileA
FindNextFileA
FreeLibrary
GetCommandLineA
GetComputerNameA
GetCurrentProcess
_llseek
GetFileAttributesA
GetFileSize
GetModuleFileNameA
GetModuleHandleA
_lwrite
GetSystemDirectoryA
GetTickCount
GetVersionExA
SetFileAttributesA
GetWindowsDirectoryA
LoadLibraryA
OpenProcess
SetCurrentDirectoryA
Sleep
_lread
_lopen
_lclose
_lcreat

wsock32

send
socket
recv
listen
htons
closesocket
bind
accept
WSACleanup
WSAAsyncSelect
WSAStartup

advapi32

RegDeleteValueA
RegSetValueExA
RegOpenKeyA
RegEnumValueA
RegEnumKeyA
AdjustTokenPrivileges
RegDeleteKeyA
RegCreateKeyA
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA
GetUserNameA

Sections

.text
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a957d76cbb5eb8a914b481f6b44b5e35

Headers

File Characteristics

Imports

shell32

user32

kernel32

wsock32

advapi32

Sections

.text Size: 27KB - Virtual size: 27KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 6KB - Virtual size: 91KB

.rsrc Size: 1024B - Virtual size: 928B

.text
Size: 27KB - Virtual size: 27KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 6KB - Virtual size: 91KB

.rsrc
Size: 1024B - Virtual size: 928B