a7b7d4ba09762dee9ab1a5bd3f9106ad_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a7b7d4ba09762dee9ab1a5bd3f9106ad_JaffaCakes118
Size

28KB
MD5

a7b7d4ba09762dee9ab1a5bd3f9106ad
SHA1

a3ca2537340aff66bdc985d790c0547059415b70
SHA256

ca89b726231ab4564be9e6723b051d31753e06761624c14f978ec70975a1a99f
SHA512

ea0fe7184bb8256a843fc74d25f241e62cda9c24c0b71606498c7fb0dc0d1e54402a44710de0e33532986b2ea100ef52a14271d491fb5c5298d6fd90a88ac2cb
SSDEEP

768:sJml7cQ0/tGlewjywZkyQh1ZdLwT6ZBxFlqds:Z4If2g09LtBQe

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a7b7d4ba09762dee9ab1a5bd3f9106ad_JaffaCakes118

Files

a7b7d4ba09762dee9ab1a5bd3f9106ad_JaffaCakes118
.exe windows:4 windows x86 arch:x86

42381672eb500aa0d0368e764ebfea92

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

WSAStartup
WSACleanup
ioctlsocket
gethostbyname

shlwapi

SHDeleteKeyA

rpcrt4

UuidCreate
UuidToStringA
RpcStringFreeA

kernel32

HeapAlloc
GetProcessHeap
OutputDebugStringA
lstrcmpiA
lstrcpyA
GetCurrentProcessId
GetModuleFileNameA
GetModuleHandleA
HeapFree
lstrcatA
lstrlenA
WritePrivateProfileStringA
GetPrivateProfileSectionNamesA
Sleep
PulseEvent
CreateThread
GetTickCount
GetCurrentThreadId
UnmapViewOfFile
WaitForSingleObject
GetLastError
CreateEventA
lstrcmpA
FreeLibrary
LoadLibraryA
lstrcpynA
CloseHandle
OpenEventA
MapViewOfFileEx
CreateFileMappingA
VirtualAlloc
VirtualFree
GetProcAddress
VirtualProtect
HeapReAlloc
SetThreadContext
FlushInstructionCache
WriteProcessMemory
VirtualProtectEx
GetThreadContext
ResumeThread
DuplicateHandle
CreateRemoteThread
OpenProcess
CreateProcessA
GetCurrentProcess
GetVersionExA
Process32Next
Process32First
CreateToolhelp32Snapshot
VirtualAllocEx
IsBadReadPtr
VirtualQuery
OpenFile
SetFileTime
GetFileTime
CreateFileA
GetFileAttributesA
GetSystemDirectoryA
DeleteFileA
WinExec
GetWindowsDirectoryA
CopyFileA
MapViewOfFile
SetLastError
RemoveDirectoryA
ExitProcess
TerminateThread
GetCurrentThread

user32

TranslateMessage
MessageBoxA
GetMessageA
DispatchMessageA
wsprintfA

advapi32

GetTokenInformation
RegDeleteValueA
RegCreateKeyExA
RegEnumValueA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
OpenProcessToken
RegCloseKey
AdjustTokenPrivileges
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegQueryInfoKeyA
RegEnumKeyExA

shell32

ShellExecuteA
SHGetSpecialFolderPathA

wininet

InternetCrackUrlA
HttpSendRequestA
HttpAddRequestHeadersA
HttpOpenRequestA
InternetConnectA
InternetCloseHandle
InternetOpenA
InternetCanonicalizeUrlA
InternetReadFile
InternetQueryDataAvailable
HttpQueryInfoA

Exports

Exports

StartDownload
_WorkProc@4
__mp@4

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

42381672eb500aa0d0368e764ebfea92

Headers

File Characteristics

Imports

wsock32

shlwapi

rpcrt4

kernel32

user32

advapi32

shell32

wininet

Exports

Exports

Sections

.text Size: 25KB - Virtual size: 24KB

.reloc Size: 2KB - Virtual size: 1KB

Size: 512B - Virtual size: 4KB

.text
Size: 25KB - Virtual size: 24KB

.reloc
Size: 2KB - Virtual size: 1KB