b7a4ad1edba2e0558b42b132a8c2f1e6_JaffaCakes118

General

Target

b7a4ad1edba2e0558b42b132a8c2f1e6_JaffaCakes118
Size

79KB
MD5

b7a4ad1edba2e0558b42b132a8c2f1e6
SHA1

25f0c2a55db49209454c456fe18d2529fa236924
SHA256

fe8b830b97e172543c50ad61859222e60c46fb6f5d37df482fff8d7a0a4001e2
SHA512

04e92a2e78613c1fb6350d236ce94a1e518c27814eb0ad93fec58b87798483a9076a9e845f44870a7e82f6c566cb3c6dde65c9d2cb521f165aa0f335550783a7
SSDEEP

768:4gztWej21zcG3mXKKoL+TKYAzlkCJFCm7vFerf9ndhdYyxXdoseQq55RbISS9Evd:/hbj2eGM3GOPBxWAq5rbISSCvajIJAfU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b7a4ad1edba2e0558b42b132a8c2f1e6_JaffaCakes118

Files

b7a4ad1edba2e0558b42b132a8c2f1e6_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f3dd143f4d975a60562380775a3782f8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

closesocket
WSAStartup
bind
listen
accept
inet_addr
gethostbyname
socket
setsockopt
htons
recv
connect
WSAGetLastError
shutdown
select
__WSAFDIsSet
send
inet_ntoa

kernel32

DeleteCriticalSection
GetCommandLineA
GlobalAlloc
CreateMutexA
CopyFileA
InitializeCriticalSection
CreateThread
ExitThread
Sleep
WaitForSingleObject
GetProcessHeap
GetCurrentThread
GetCurrentProcessId
GetTickCount
TerminateThread
GetCurrentProcess
GetLastError
GetCurrentThreadId
GetVersion

advapi32

RegCloseKey
RegCreateKeyExA
RegEnumValueA
RegDeleteValueA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA

msvcrt

strcat
strlen
rand
realloc
atoi
strchr
strstr
strcpy
_snprintf
free
gmtime
malloc
_time64
_spawnl
sscanf
strncpy
srand
strtok
strrchr
sprintf
exit
_fullpath
_execl
fwrite
fclose
fread
_filelength
fopen
strncmp
isdigit
_strrev

Exports

Exports

time

Sections

.text
Size: 48KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f3dd143f4d975a60562380775a3782f8

Headers

DLL Characteristics

File Characteristics

Imports

wsock32

kernel32

advapi32

msvcrt

Exports

Exports

Sections

.text Size: 48KB - Virtual size: 44KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 4KB

.text
Size: 48KB - Virtual size: 44KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 4KB