ba70809f6561008095ad6aa8f680afb1_JaffaCakes118

General

Target

ba70809f6561008095ad6aa8f680afb1_JaffaCakes118
Size

10KB
MD5

ba70809f6561008095ad6aa8f680afb1
SHA1

1d6756fbc3dbbcdf65792c9693afdcbdab85408a
SHA256

f8b88699671af31ad08f7270e05b91a8036580fece84bfd9a06933d5b3ebe821
SHA512

3cfe4b5b76494e1ac1c50f1c167b9c35fda9499c291d28f8d2246be104b954d7a7fc0074da7d7917dcbb24ffb09f19ad1e630521e0601a9b829bd75c01e73421
SSDEEP

192:Hdio60Y3Ay4957JkAXtgcM1+eHDXPnsJ99XkjfLi1:9B60q69dARDfsJ9VQfLi1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ba70809f6561008095ad6aa8f680afb1_JaffaCakes118

Files

ba70809f6561008095ad6aa8f680afb1_JaffaCakes118
.exe windows:4 windows x86 arch:x86

6308398618810ae4f19e4cb9aea63f47

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

SetWindowLongA
SetTimer
GetMessageA
DispatchMessageA
WaitForInputIdle
CreateWindowExA
TranslateMessage
wsprintfA

kernel32

CreateFileA
CreatePipe
CreateProcessA
CreateThread
DeleteFileA
ExitProcess
ExitThread
FindClose
FindFirstFileA
FindNextFileA
FreeLibrary
GetDiskFreeSpaceA
GetDriveTypeA
CopyFileA
GetModuleFileNameA
GetModuleHandleA
GetPrivateProfileIntA
GetProcAddress
GetVersionExA
GetWindowsDirectoryA
GlobalMemoryStatus
LoadLibraryA
LocalAlloc
LocalFree
MultiByteToWideChar
ReadFile
Sleep
TerminateThread
WaitForSingleObject
WideCharToMultiByte
WriteFile
lstrcatA
CloseHandle
lstrcpyA
lstrlenA
GetLogicalDrives
lstrcmpA

wsock32

closesocket
send
recv
WSAStartup
accept
bind
socket
gethostbyname
gethostname
listen

advapi32

GetSidIdentifierAuthority
GetSidSubAuthority
GetSidSubAuthorityCount
GetUserNameA
IsValidSid
LookupAccountNameA
RegCloseKey
RegSetValueExA
RegCreateKeyA
RegQueryValueExA

shell32

SHGetSpecialFolderPathA
ShellExecuteA

ole32

OleUninitialize
OleInitialize
CoCreateInstance

rasapi32

RasGetEntryPropertiesA
RasEnumEntriesA
RasGetEntryDialParamsA

oleaut32

SafeArrayCreateVector
SafeArrayDestroy
SafeArrayUnaccessData
SysAllocString
SysFreeString
SafeArrayAccessData

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

6308398618810ae4f19e4cb9aea63f47

Headers

File Characteristics

Imports

user32

kernel32

wsock32

advapi32

shell32

ole32

rasapi32

oleaut32

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 132KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 132KB