a465a697528715bcc41b22d77e0e24a5_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a465a697528715bcc41b22d77e0e24a5_JaffaCakes118
Size

88KB
MD5

a465a697528715bcc41b22d77e0e24a5
SHA1

85556568a0cba69b312b5654218df67c11b43fda
SHA256

bd934dd8eaed55fe2b906f8273e0c190e8dbea373586d26f07d1166c840cbbb8
SHA512

6ce1260faee7decb9314c0b7511cf0d82db5160618d2d4edac6a74bb07b37ce0df912c15edfa69f144763c7ae81550bb7bd749a5fc33c1c5e28544016a7eca37
SSDEEP

1536:iMi4NulMqsEUqBhF+tbFozP5TPyeLJKID3c1wBGZ5DpwnxT8EJLMCL68My/Db:Fi48lpDvBebKz71s1yGVwxgox/D

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a465a697528715bcc41b22d77e0e24a5_JaffaCakes118

Files

a465a697528715bcc41b22d77e0e24a5_JaffaCakes118
.exe windows:4 windows x86 arch:x86

636367b7116766a47ec535f9364356ca

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

OpenProcess
Process32Next
CloseHandle
Process32First
CreateToolhelp32Snapshot
GetCurrentProcess
WaitForSingleObject
ExitProcess
VirtualFreeEx
CreateRemoteThread
WriteProcessMemory
VirtualAllocEx
GetCurrentProcessId
GetModuleFileNameA
TerminateProcess
ReadFile
ConnectNamedPipe
SetEvent
CreateNamedPipeA
DeleteFileA
CreateThread
CreateEventA
SizeofResource
LockResource
LoadResource
FindResourceA
GetDriveTypeA
GetDiskFreeSpaceExA
GetLastError
LoadLibraryA
GetProcAddress
DisconnectNamedPipe
FreeLibrary
GetSystemInfo
VirtualProtect
GetLocaleInfoA
HeapFree
HeapReAlloc
HeapAlloc
EnterCriticalSection
LeaveCriticalSection
GetModuleHandleA
GetCommandLineA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
DeleteCriticalSection
VirtualAlloc
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetSystemTimeAsFileTime
WriteFile
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
InitializeCriticalSection
RtlUnwind
InterlockedExchange
VirtualQuery
FlushFileBuffers
SetFilePointer
SetStdHandle
CreateFileA
HeapSize
GetACP
GetOEMCP
GetCPInfo
SetEndOfFile
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW

user32

wsprintfA

advapi32

LookupPrivilegeValueA
AdjustTokenPrivileges
RegOpenKeyExA
RegSetValueExA
RegCloseKey
OpenProcessToken

ws2_32

htons
inet_addr
connect
WSAStartup
closesocket
send
socket

netapi32

NetLocalGroupGetMembers
NetApiBufferFree

Sections

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 35KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sxdata
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

636367b7116766a47ec535f9364356ca

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ws2_32

netapi32

Sections

.rdata Size: 8KB - Virtual size: 8KB

.data Size: 35KB - Virtual size: 40KB

.sxdata Size: 512B - Virtual size: 176B

.rsrc Size: 43KB - Virtual size: 43KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 35KB - Virtual size: 40KB

.sxdata
Size: 512B - Virtual size: 176B

.rsrc
Size: 43KB - Virtual size: 43KB