a78be78936d920dea354386068f43685_JaffaCakes118

General

Target

a78be78936d920dea354386068f43685_JaffaCakes118
Size

37KB
MD5

a78be78936d920dea354386068f43685
SHA1

4c11199b078ebce44062fc954eef6119ad66db19
SHA256

1250761f5afe15368c9a3ca7b2af38d4fcf7830bd5cbec5cb53c3e2692b5894e
SHA512

ce32c7efde37669893e8272f548fbcbcdfbc282f549c3c1f0ce1d82f3a38538226b5bb5b4071ea21922486316a61bc20e8d16a53e7f962f3b50beb8324eca991
SSDEEP

768:saswdlIXShj8flJC+97R8uQazUBylGYMCaeRzMsy:TMShYySR8DBylGYPf8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a78be78936d920dea354386068f43685_JaffaCakes118

Files

a78be78936d920dea354386068f43685_JaffaCakes118
.exe windows:4 windows x86 arch:x86

4037d67e4b1cb82cd29ad25b924c15bd

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

PeekNamedPipe
CreateProcessA
CloseHandle
CreatePipe
SetFilePointer
CreateFileA
CopyFileA
GetLastError
GetEnvironmentVariableA
GetDriveTypeA
GetLogicalDrives
GetCurrentDirectoryA
SetCurrentDirectoryA
FindNextFileA
ReadFile
FileTimeToLocalFileTime
FindClose
FindFirstFileA
DeleteFileA
GetFileSize
Process32Next
Process32First
CreateToolhelp32Snapshot
OpenProcess
ResumeThread
SuspendThread
TerminateThread
CreateThread
WaitForSingleObject
WriteFile
TerminateProcess
GetComputerNameA
GetVersionExA
lstrcpynA
FileTimeToSystemTime
Sleep
GetStartupInfoA
GetModuleHandleA

advapi32

RegisterServiceCtrlHandlerA
SetServiceStatus
GetUserNameA
RegEnumKeyExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
StartServiceCtrlDispatcherA

shlwapi

StrStrIA

ws2_32

socket
connect
closesocket
WSASetLastError
WSAStartup
select
__WSAFDIsSet
WSAGetLastError
htons
send
recv
ntohl
inet_addr
gethostbyname
WSACleanup
ioctlsocket

msvcrt

_strnicmp
_strupr
_strdup
_stricmp
_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
srand
rand
atoi
isdigit
isalpha
free
strchr
sprintf
??3@YAXPAX@Z
??2@YAPAXI@Z
strstr
printf
time

Sections

.text
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 872B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4037d67e4b1cb82cd29ad25b924c15bd

Headers

File Characteristics

Imports

kernel32

advapi32

shlwapi

ws2_32

msvcrt

Sections

.text Size: 31KB - Virtual size: 31KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 1024B - Virtual size: 1KB

.rsrc Size: 1024B - Virtual size: 872B

.text
Size: 31KB - Virtual size: 31KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 1024B - Virtual size: 1KB

.rsrc
Size: 1024B - Virtual size: 872B