c05f705fd033babc1a50ce77a50a6dc5_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

c05f705fd033babc1a50ce77a50a6dc5_JaffaCakes118
Size

40KB
MD5

c05f705fd033babc1a50ce77a50a6dc5
SHA1

b9b62449092e189f117f3beeb5af43506682eafc
SHA256

db1f04c8c5496bb453ae237c18454ed440e2e981253fa915f1b6c7b4ff572b86
SHA512

98d6ded35a4bf89410bb35212a60566bfa7af1597de7a359058239411a3959c42598fbe41ef42f32b54b47e5feb1131b7a47de878e9b05a0cee9f95268f7451c
SSDEEP

768:hc+Qn3MR0fkNDdXCBO3N61rBwM7unY/PpwKUC6GL+EokMyL:hWnR48fn7WY/8GPo0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c05f705fd033babc1a50ce77a50a6dc5_JaffaCakes118

Files

c05f705fd033babc1a50ce77a50a6dc5_JaffaCakes118
.exe windows:4 windows x86 arch:x86

76f80045a8662aaace83ddee3815081f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleFileNameA
SetEndOfFile
LoadLibraryA
WaitForSingleObject
GetACP
GetCPInfo
IsBadCodePtr
IsBadReadPtr
Sleep
TerminateProcess
GetCurrentProcess
GetModuleHandleA
GetProcAddress
GetTempPathA
CopyFileA
GetLastError
CreateThread
GetLogicalDriveStringsA
FindFirstFileA
FindNextFileA
OpenProcess
GetOEMCP
CloseHandle
SetUnhandledExceptionFilter
CreateFileA
SetFilePointer
FlushFileBuffers
SetStdHandle
GetStringTypeW
GetStringTypeA
IsBadWritePtr
HeapReAlloc
VirtualAlloc
WriteFile
VirtualFree
HeapCreate
HeapDestroy
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
RtlUnwind
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
HeapFree
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
LCMapStringW
HeapAlloc
ReadFile
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW

user32

MessageBoxA
ExitWindowsEx
GetWindowTextA
PostMessageA
GetWindow
FindWindowA

advapi32

RegSetValueExA
RegCloseKey
RegDeleteValueA
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken
OpenSCManagerA
GetServiceKeyNameA
OpenServiceA
CloseServiceHandle
QueryServiceStatus
ControlService
StartServiceA
RegOpenKeyA

shell32

ShellExecuteA

ws2_32

select
recv
send
listen
bind
htons
socket
WSAStartup
gethostbyname
accept
connect

psapi

GetModuleBaseNameA
EnumProcessModules
EnumProcesses

reckeybhook

ord101

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

76f80045a8662aaace83ddee3815081f

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ws2_32

psapi

reckeybhook

Sections

.text Size: 28KB - Virtual size: 27KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 4KB - Virtual size: 8KB

.text
Size: 28KB - Virtual size: 27KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 8KB