b0e585021269e5483edad71ae8b70607_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b0e585021269e5483edad71ae8b70607_JaffaCakes118
Size

24KB
MD5

b0e585021269e5483edad71ae8b70607
SHA1

83b7720b7725424fa0bbe4d86d72630e903e792d
SHA256

d86dda72bb564a5a512f64a07617e69ac81a708bdd2358a052d0615c7a15fdc5
SHA512

ba80946bbce7732dd74b2180db6d60f75a4b868d0978afd8f44cf5bd5cfe1320e34e1208e94bd5624b694ff7b72d4c9494582ed7f2acd49cc4efc94633dc3a60
SSDEEP

384:bGPLwZC6jqIdbIgE0/NKZhSmIHVpdzz4ryCEsUsG5lxcK:CPLtmwH0NUSmIHN3pCJ5ulyK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b0e585021269e5483edad71ae8b70607_JaffaCakes118

Files

b0e585021269e5483edad71ae8b70607_JaffaCakes118
.exe windows:1 windows x86 arch:x86

df91251dbd6c7f93210143cc7ca2a02f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GlobalAlloc
RemoveDirectoryA
ExitProcess
GetWindowsDirectoryA
GetStdHandle
lstrcmpA
lstrlenA
GetModuleFileNameA
GetLogicalDriveStringsA
FindNextFileA
GetSystemDirectoryA
LoadLibraryA
FindFirstFileA
GetCurrentDirectoryA
DeleteFileA
GetModuleHandleA
FindClose
lstrcpyA
GetFileSize
GlobalAddAtomA
SetFileAttributesA
CreateFileA
ReadFile
WriteFile
lstrcatA
WritePrivateProfileStringA
SetFilePointer
WriteConsoleA
WinExec
Sleep
CloseHandle
GlobalFindAtomA
CreateThread
GetProcAddress
SetCurrentDirectoryA
CopyFileA
GlobalFree
GetDriveTypeA
CreateDirectoryA

gdi32

SelectObject
CreateDCA
GetDeviceCaps
DeleteObject
DeleteDC
CreateDIBSection
CreateCompatibleDC
BitBlt
GetDIBColorTable

user32

GetForegroundWindow
OpenClipboard
TranslateMessage
SetClipboardViewer
SendMessageA
RegisterClassA
MessageBoxA
GetWindowTextA
GetMessageA
GetClipboardData
DispatchMessageA
DefWindowProcA
CreateWindowExA
CloseClipboard

advapi32

RegSetValueExA
RegEnumKeyExA
RegQueryValueExA
RegQueryInfoKeyA
RegCloseKey
RegOpenKeyExA
RegCreateKeyA

winmm

sndPlaySoundA
mciSendStringA

wsock32

setsockopt
send
select
recv
listen
inet_ntoa
inet_addr
htons
gethostname
gethostbyname
connect
closesocket
bind
accept
__WSAFDIsSet
WSAStartup
WSACleanup
socket

Sections

CODE
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

df91251dbd6c7f93210143cc7ca2a02f

Headers

File Characteristics

Imports

kernel32

gdi32

user32

advapi32

winmm

wsock32

Sections

CODE Size: 12KB - Virtual size: 12KB

DATA Size: 6KB - Virtual size: 8KB

.idata Size: 2KB - Virtual size: 4KB

.reloc Size: 1024B - Virtual size: 4KB

CODE
Size: 12KB - Virtual size: 12KB

DATA
Size: 6KB - Virtual size: 8KB

.idata
Size: 2KB - Virtual size: 4KB

.reloc
Size: 1024B - Virtual size: 4KB