b5c71a42b250479d40318f1bdcac72bb_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b5c71a42b250479d40318f1bdcac72bb_JaffaCakes118
Size

40KB
MD5

b5c71a42b250479d40318f1bdcac72bb
SHA1

98069258f0473ad3569a95bdc2df5d7b664d544d
SHA256

fef7de0230a9a7677d8d31ff36e667b902b36fdd65b83a92b984a256f9082d64
SHA512

5d297e0a1d7be54091d9997c530efeceed615404a5425c0c7ec1362da23295d94a8849f45cf8f1596467bd64c3dbf9b6b7f2eee1019ea28681cb2092033a9adb
SSDEEP

768:YYjjg8sv9dAGmQodvsRHph+fv5dFjapE9ENB:tJPGmJdvsRHphAv5dRf9ENB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b5c71a42b250479d40318f1bdcac72bb_JaffaCakes118

Files

b5c71a42b250479d40318f1bdcac72bb_JaffaCakes118
.exe windows:4 windows x86 arch:x86

4fa683f5bf4076240748ccfe35b6a851

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

WSASocketA

cmutil

CmFmtMsgA
CmStrrchrA

shell32

SHGetSpecialFolderLocation
SHGetMalloc
SHGetPathFromIDListA

cmdial32

AutoDialFunc

kernel32

TerminateProcess
HeapFree
GetSystemInfo
FormatMessageA
lstrcmpiA
HeapAlloc
GetProcessHeap
FreeLibrary
lstrcpyA
CreateDirectoryA
MultiByteToWideChar
DisableThreadLibraryCalls
LoadLibraryA
SetCurrentDirectoryA
GetCurrentThreadId
MoveFileA
GetSystemDirectoryA
GetModuleHandleA
Sleep
GetPrivateProfileStringA
UnhandledExceptionFilter
GetLastError
GetCurrentProcess
GetWindowsDirectoryA
GetCurrentDirectoryA
QueryPerformanceCounter
FreeConsole
GetTickCount
GetPrivateProfileIntA
lstrcpynA
SetUnhandledExceptionFilter
GetSystemTimeAsFileTime
GetProcAddress
SetLastError
CloseHandle
GetVersionExA
lstrcatA
GetVolumeInformationA
VirtualAlloc
LocalFree
lstrlenA
CreateFileA

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

msvcrt

_initterm
free
_adjust_fdiv
malloc

crypt32

CryptFormatObject
RegOpenKeyExU

advapi32

OpenProcessToken
RegCloseKey
RegEnumValueA
LookupPrivilegeValueA
SetNamedSecurityInfoA
GetSecurityDescriptorDacl
AllocateAndInitializeSid
RegQueryValueExA
FreeSid
AdjustTokenPrivileges
RegOpenKeyExA
GetSecurityDescriptorOwner

user32

CharPrevA
MessageBoxExA
MessageBoxA
CharNextA
LoadStringA
wsprintfA

Sections

.text
Size: 512B - Virtual size: 472B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

4fa683f5bf4076240748ccfe35b6a851

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

cmutil

shell32

cmdial32

kernel32

version

msvcrt

crypt32

advapi32

user32

Sections

.text Size: 512B - Virtual size: 472B

.rsrc Size: 27KB - Virtual size: 27KB

.idata Size: 3KB - Virtual size: 2KB

.rdata Size: 7KB - Virtual size: 7KB

.reloc Size: 512B - Virtual size: 32B

.data Size: - Virtual size: 128KB

.text
Size: 512B - Virtual size: 472B

.rsrc
Size: 27KB - Virtual size: 27KB

.idata
Size: 3KB - Virtual size: 2KB

.rdata
Size: 7KB - Virtual size: 7KB

.reloc
Size: 512B - Virtual size: 32B

.data
Size: - Virtual size: 128KB