a9d8cf14104c16b08b18227fd89ffc19_JaffaCakes118

General

Target

a9d8cf14104c16b08b18227fd89ffc19_JaffaCakes118
Size

49KB
MD5

a9d8cf14104c16b08b18227fd89ffc19
SHA1

710979b88049e9b06e54a4286099ee358da8a5e1
SHA256

0d166f28f2f386d103431cb2e7b10e2ca6753ac649ef18c49d1bd8f4875a47bb
SHA512

8574bf674ab0728cdb5077d6353c83e6e970febe10f93e7f5a26138650e0ea65912393e406fdf2affac37a07cc51a7872627e9ae28b8a16380343cca8365d724
SSDEEP

768:tdk/iu0oHnAvzwJL7RYufGMN3MDnZZjPo7:DUgkJvRbffNCZZDo7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a9d8cf14104c16b08b18227fd89ffc19_JaffaCakes118

Files

a9d8cf14104c16b08b18227fd89ffc19_JaffaCakes118
.exe windows:4 windows x86 arch:x86

2f099b59a5553bd3e00e9cbb744edbde

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateThread
GetFileAttributesA
ExpandEnvironmentStringsA
GetDriveTypeA
GetModuleFileNameA
GetLastError
CopyFileA
SetFileAttributesA
lstrcmpiA
GetTempPathA
GetModuleHandleA
ExitProcess
WriteFile
CreateFileA
ExitThread
lstrlenA
CreateDirectoryA
lstrcatA
GetLogicalDriveStringsA
CreateProcessA
CreateMutexA
SetErrorMode
GetStringTypeA
LCMapStringW
LCMapStringA
MultiByteToWideChar
ReadFile
SetEndOfFile
CloseHandle
Sleep
GetLocaleInfoA
GetVersionExA
GetTickCount
LoadLibraryA
GetProcAddress
GetOEMCP
GetACP
GetCPInfo
GetStringTypeW
FlushFileBuffers
SetStdHandle
SetFilePointer
RtlUnwind
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
HeapAlloc
GetStartupInfoA
GetCommandLineA
GetVersion
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
VirtualAlloc
HeapReAlloc
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter

user32

BlockInput
keybd_event
wsprintfA
ShowWindow
GetForegroundWindow

advapi32

RegSetValueExA
RegOpenKeyA
RegOpenKeyExA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

shell32

ShellExecuteA

ws2_32

socket
WSAStartup
WSACleanup
inet_addr
gethostbyname
htons
send
select
recv
connect
closesocket

shlwapi

PathRemoveFileSpecA

urlmon

URLDownloadToFileA

Sections

.text
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

2f099b59a5553bd3e00e9cbb744edbde

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ws2_32

shlwapi

urlmon

Sections

.text Size: 33KB - Virtual size: 32KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 12KB - Virtual size: 21KB

.text
Size: 33KB - Virtual size: 32KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 12KB - Virtual size: 21KB