Static task: static1
Behavioral task: behavioral1
Sample: adc696e5ab9e8da21a578ebabfa4a342_JaffaCakes118.exe
Resource: win7-20240729-en
Behavioral task: behavioral2
Sample: adc696e5ab9e8da21a578ebabfa4a342_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
Target: adc696e5ab9e8da21a578ebabfa4a342_JaffaCakes118
Size: 111KB
MD5: adc696e5ab9e8da21a578ebabfa4a342
SHA1: 0584b5d2ddabe5975c452ccefc5fffde318a8538
SHA256: 1a2b67559e257eeaf0735942556100f09560afff5f1d8eca41096ae779fb5f48
SHA512: 10124db50bee715b874f16926739ee05223c61c2521efe50544f0b51fbe0bdd9e3a61fa3089c05d20444be29551d92b73c8b0687178d27bb411a187e98d336fe
SSDEEP: 1536:QXONP08LKglYWdllJz9x5k9mXoZ09+pOVUqmesnce+HQcE7ZvGvN+:QWNlYIllnx5kUu7FNesaHW
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource adc696e5ab9e8da21a578ebabfa4a342_JaffaCakes118
Files
adc696e5ab9e8da21a578ebabfa4a342_JaffaCakes118.exe windows:1 windows x86 arch:x86
0b458a5b6c203057e1c75a6030e9be2c
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
FindClose
FindFirstFileA
GetCurrentDirectoryA
GetCurrentProcess
GetDiskFreeSpaceExA
GetDriveTypeA
GetLastError
GetLogicalDrives
GetModuleFileNameA
CloseHandle
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetSystemDirectoryA
GetSystemInfo
GetTickCount
GetUserDefaultLangID
GetVersionExA
GlobalMemoryStatusEx
CopyFileA
HeapFree
LoadLibraryA
OpenProcess
OutputDebugStringA
PeekNamedPipe
QueryPerformanceCounter
QueryPerformanceFrequency
CreateFileA
ReadFile
ReleaseMutex
RtlUnwind
RtlZeroMemory
SetFilePointer
CreateMutexA
Sleep
TerminateProcess
TerminateThread
CreatePipe
WaitForMultipleObjects
CreateProcessA
WaitForSingleObject
WriteFile
lstrcmpiA
CreateThread
DeleteFileA
advapi32
FreeSid
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenEventLogA
OpenProcessToken
OpenSCManagerA
OpenServiceA
QueryServiceStatus
RegCloseKey
RegConnectRegistryA
RegCreateKeyExA
RegDeleteKeyA
RegEnumKeyExA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
ChangeServiceConfigA
RegisterServiceCtrlHandlerA
ClearEventLogA
SetServiceStatus
StartServiceA
StartServiceCtrlDispatcherA
CloseEventLog
CloseServiceHandle
ControlService
CreateServiceA
DeleteService
crtdll
__GetMainArgs
_strcmpi
_stricmp
_strnicmp
toupper
_write
atoi
atol
exit
free
malloc
mbstowcs
memcpy
memset
printf
raise
signal
sprintf
sscanf
strcat
strchr
strcmp
strcpy
strlen
strncmp
strncpy
strstr
strtok
mpr
WNetCancelConnection2A
WNetAddConnection2A
netapi32
NetUserDel
NetUserSetInfo
user32
EnumDisplaySettingsA
ExitWindowsEx
wininet
InternetCloseHandle
InternetConnectA
InternetCrackUrlA
InternetOpenA
InternetReadFile
HttpOpenRequestA
HttpQueryInfoA
HttpSendRequestA
wsock32
WSACleanup
WSAStartup
__WSAFDIsSet
accept
bind
closesocket
connect
gethostbyname
htons
inet_ntoa
listen
recv
select
send
setsockopt
shutdown
socket
Sections
code Size: 108KB - Virtual size: 108KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.avp Size: 3KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE