b01763962ac2ad58584efdbcfe475d66_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

b01763962ac2ad58584efdbcfe475d66_JaffaCakes118
Size

56KB
MD5

b01763962ac2ad58584efdbcfe475d66
SHA1

aa7dede485a6dc1e97a6c8010a01405c56e37a57
SHA256

34a81230e9f2a385f7a32cb1e19421f00e879d2acce24a47a82a27b70ad69e2e
SHA512

056128030b2a87bfa077996cbad85abc3283e29cc81b1adffe3746be25cd5e0005b85b1c04eb8a7ca1d81bdb0e643c841cba4f9e0cd23d9717d9d5d9d100a359
SSDEEP

768:5yr4kW8Fy7yMedXmRTocvWUIosKGH1gzh+6abyv9i5fuFWP0jelmQSf2mrJF59hF:5yr4kWoy7yT2Joc5/zho89HgGtqmKw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b01763962ac2ad58584efdbcfe475d66_JaffaCakes118

Files

b01763962ac2ad58584efdbcfe475d66_JaffaCakes118
.exe windows:4 windows x86 arch:x86

ef506602427fe6e09010a739bd021680

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

inet_ntoa
gethostbyname
gethostname
WSAStartup

advapi32

RegDeleteValueA
GetUserNameA
LookupAccountSidA
OpenProcessToken
GetTokenInformation
RegSetValueExA
RegQueryValueExA
RegCreateKeyExA
RegCloseKey
SetSecurityInfo
SetEntriesInAclA
AdjustTokenPrivileges
LookupPrivilegeValueA

mpr

WNetCloseEnum
WNetOpenEnumA
WNetEnumResourceA

shell32

SHGetPathFromIDListA
SHGetMalloc
SHGetSpecialFolderLocation

ole32

CoInitialize
CoCreateInstance

shlwapi

PathFileExistsA

msvcrt

_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
_acmdln
exit
_XcptFilter
_exit
calloc
memcpy
_strnicmp
_ftol
free
strstr
memset
strchr
fread
strcmp
toupper
rename
strrchr
strcpy
strcat
sprintf
strlen
fopen
fwrite
fclose
_controlfp
malloc
__getmainargs

kernel32

SetFileTime
GetFileTime
GetStartupInfoA
GetSystemDefaultLangID
GetComputerNameA
GetPrivateProfileIntA
GetPrivateProfileStringA
CreateFileA
LoadLibraryA
CreateToolhelp32Snapshot
Process32First
GetPriorityClass
Process32Next
OpenProcess
GetCurrentProcess
DuplicateHandle
GetLastError
GetFileSize
GetSystemTime
SystemTimeToFileTime
CompareFileTime
MultiByteToWideChar
SetCurrentDirectoryA
CreateProcessA
FileTimeToSystemTime
GetTickCount
FindFirstFileA
CreateDirectoryA
FindNextFileA
FindClose
GetLogicalDriveStringsA
GetDriveTypeA
GetDiskFreeSpaceExA
OpenMutexA
CloseHandle
SetEvent
WaitForSingleObject
CreateMutexA
SetFileAttributesA
lstrcmpiA
CopyFileA
GetFileAttributesA
LocalFree
ExitProcess
GetModuleFileNameA
GetWindowsDirectoryA
CreateEventA
CreateThread
GetSystemDirectoryA
Sleep
DeleteFileA
GlobalAlloc
GlobalFree
GetProcAddress
GetModuleHandleA
GetVersionExA
FreeLibrary

Sections

.text
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ef506602427fe6e09010a739bd021680

Headers

File Characteristics

Imports

ws2_32

advapi32

mpr

shell32

ole32

shlwapi

msvcrt

kernel32

Sections

.text Size: 40KB - Virtual size: 38KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 4KB - Virtual size: 27KB

.text
Size: 40KB - Virtual size: 38KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 4KB - Virtual size: 27KB