b296d2412896ea8ecbb6d0ba9b3ea1db_JaffaCakes118

General

Target

b296d2412896ea8ecbb6d0ba9b3ea1db_JaffaCakes118
Size

23KB
MD5

b296d2412896ea8ecbb6d0ba9b3ea1db
SHA1

c3a6f5e9df461c8e1c51129272efa51f65afc7fc
SHA256

87308cc3c6c35e04e99ad563b0703d4223d74c47b33f3236faf5614b2d29c8e2
SHA512

75f746c85e1fececf9fcee5b83c7da64064cd0c613c94269e52bff1a0cb01665f487d24b5462459cdc5ffdee76aed3e2e86f98fa37e8513cef4163ec93c67a6d
SSDEEP

96:5pQPO1R2irb7q3jnaqUPpTz/30aR19chAafZsUwg5CSnSeuNIZ05wyqquELZdX3s:5Hf7q343hJchAaWUQSnSzNbyYjH3yWg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b296d2412896ea8ecbb6d0ba9b3ea1db_JaffaCakes118

Files

b296d2412896ea8ecbb6d0ba9b3ea1db_JaffaCakes118
.exe windows:5 windows x86 arch:x86

f95fe5f9cb87710d0acb12beef24e6aa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\Projects\userinit\Debug\userinit.pdb

Imports

kernel32

lstrcmpiA
Sleep
GetTempFileNameA
LoadLibraryA
DeleteFileA
CloseHandle
VirtualFree
ReadFile
VirtualAlloc
GetFileSize
CreateFileA
Process32Next
Process32First
CreateToolhelp32Snapshot
lstrlenA
WaitForSingleObject
CreateProcessA
GetStartupInfoA
CreatePipe
GetVersion
lstrcpyA
ExitProcess

user32

MessageBoxA
wsprintfA

wininet

InternetCloseHandle
InternetReadFile
HttpSendRequestA
HttpOpenRequestA
InternetConnectA
InternetOpenA

ntdll

strlen
strcat
memset
memcpy
atoi
_alldiv
RtlUnwind
_stricmp

Sections

INIT
Size: 512B - Virtual size: 262B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 312B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.xdata
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 504B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f95fe5f9cb87710d0acb12beef24e6aa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

wininet

ntdll

Sections

INIT Size: 512B - Virtual size: 262B

.rdata Size: 6KB - Virtual size: 5KB

.data Size: 512B - Virtual size: 312B

.xdata Size: 512B - Virtual size: 28B

.rsrc Size: 512B - Virtual size: 504B

.reloc Size: 512B - Virtual size: 352B

INIT
Size: 512B - Virtual size: 262B

.rdata
Size: 6KB - Virtual size: 5KB

.data
Size: 512B - Virtual size: 312B

.xdata
Size: 512B - Virtual size: 28B

.rsrc
Size: 512B - Virtual size: 504B

.reloc
Size: 512B - Virtual size: 352B