af3debd3c7e1996b236534d17ec8fed4_JaffaCakes118

General

Target

af3debd3c7e1996b236534d17ec8fed4_JaffaCakes118
Size

36KB
MD5

af3debd3c7e1996b236534d17ec8fed4
SHA1

05067b165f31ad65eea4e4e8d709762fe41ad848
SHA256

51034a728b75facccd66cd39e2a05b35f3aea89c67cc6ebe6348281443cd0777
SHA512

4bdf91ef43d44e8e2c9876261342f271b93e0aa6ff0a88a4b16561c7702cc7e106935dc7fc69b51c87e2581d8f71c318b08b9d741ba43dd43117c30579157724
SSDEEP

384:2SctcJnleaIq8LLWpSHoFqR5l58ffnK1Y:2LcJXaLWpSJWK1Y

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
af3debd3c7e1996b236534d17ec8fed4_JaffaCakes118

Files

af3debd3c7e1996b236534d17ec8fed4_JaffaCakes118
.exe windows:4 windows x86 arch:x86

5e2105802c410708f8db50e04df0e3ef

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WriteProcessMemory
ReadProcessMemory
MapViewOfFile
CreateFileMappingA
CreateFileA
GetSystemDirectoryA
FreeLibrary
GetModuleHandleA
Module32Next
lstrcmpA
Module32First
GetCurrentProcessId
CreateRemoteThread
VirtualAllocEx
UnmapViewOfFile
OpenProcess
GlobalFree
GlobalAlloc
CreateThread
WriteFile
ReadFile
GetFileSize
GetProcAddress
LoadLibraryA
GetModuleFileNameA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetVersionExA
CreateToolhelp32Snapshot
Process32First
Process32Next
lstrlenA
GetCurrentProcess
CloseHandle
VirtualAlloc
lstrcatA
TerminateProcess
GetSystemTimeAsFileTime
RtlUnwind

user32

wsprintfA
MessageBoxA

advapi32

OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegOpenKeyExA
RegCreateKeyA
RegSetValueExA
RegCloseKey
RegCreateKeyExA

ws2_32

select
recv
WSACleanup
htons
inet_addr
ioctlsocket
accept
listen
bind
__WSAFDIsSet
closesocket
send
socket
WSAStartup
connect

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5e2105802c410708f8db50e04df0e3ef

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ws2_32

Sections

.text Size: 16KB - Virtual size: 15KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 4KB - Virtual size: 132KB

.CRT Size: 4KB - Virtual size: 8B

.rsrc Size: 4KB - Virtual size: 176B

.text
Size: 16KB - Virtual size: 15KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 132KB

.CRT
Size: 4KB - Virtual size: 8B

.rsrc
Size: 4KB - Virtual size: 176B