Static task: static1
Behavioral task: behavioral1
Sample: ce8708060c8a6e698195614ea2d51789_JaffaCakes118.exe
Resource: win7-20240708-en
Behavioral task: behavioral2
Sample: ce8708060c8a6e698195614ea2d51789_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
Target: ce8708060c8a6e698195614ea2d51789_JaffaCakes118
Size: 284KB
MD5: ce8708060c8a6e698195614ea2d51789
SHA1: 8b3586f3b39014c2656bb4fcac0e5f9af19f4ce0
SHA256: ea9576a2fe3c78c59d2583411d636b43975a36bd3c1c1f15eaf59538ccb13440
SHA512: 91bc13203b2aa1a69de3b2cd14e1ffa7abe15f542a38e4d6dee6a78fbee107b5da0c62217115d1da21afbb983e89e63777a3a916960cd75ad96991618f21abf9
SSDEEP: 1536:OOdzCF9yKrpWCjKMLmDXxoJavSDwWpz9Z+YoxeY3UOGqcOh9WY:xdzCbyKFz2ML0XyDlDXoxvURqcOh9h
Malware Config
Signatures
Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
resource: ce8708060c8a6e698195614ea2d51789_JaffaCakes118
Files
ce8708060c8a6e698195614ea2d51789_JaffaCakes118.exe windows:4 windows x86 arch:x86
816e1148032355971b1cb2b9ef12ea71
Headers
Imports
ole32: CreateStreamOnHGlobal, CoTaskMemFree
kernel32: GetVersionExA, FindFirstFileA, FindNextFileA, CloseHandle, CreateFileA, lstrlenW, lstrlenA, lstrcpynA, lstrcpyA, lstrcmpiA, lstrcmpA, CreateFileMappingA, CreateThread, CreateToolhelp32Snapshot, DeleteFileA, ExitProcess, lstrcatA, WriteFile, WideCharToMultiByte, UnmapViewOfFile, TerminateProcess, Sleep, Process32Next, Process32First, OpenProcess, MultiByteToWideChar, MapViewOfFile, LocalFree, LocalAlloc, LoadLibraryA, GlobalMemoryStatus, GlobalFree, GlobalAlloc, GetWindowsDirectoryA, GetVolumeInformationA, GetComputerNameA, GetTickCount, GetTempPathA, GetSystemDirectoryA, GetProcAddress, GetPrivateProfileStringA, GetPrivateProfileSectionNamesA, GetPrivateProfileIntA, GetModuleFileNameA, GetLogicalDrives, GetLocaleInfoA, GetLocalTime, GetLastError, GetFileSize, GetDriveTypeA, GetDiskFreeSpaceA, GetCurrentProcess, GetCurrentDirectoryA, FindClose
user32: wsprintfA, GetDC, MessageBoxA, ReleaseDC
advapi32: GetUserNameA, OpenSCManagerA, RegSetValueExA, RegQueryValueExA, RegOpenKeyExA, RegOpenKeyA, RegEnumValueA, RegEnumKeyExA, RegCreateKeyA, RegCloseKey, OpenServiceA, ControlService, OpenProcessToken, AdjustTokenPrivileges, ChangeServiceConfigA, CloseServiceHandle, LookupPrivilegeValueA
shlwapi: StrRChrA, StrStrIA, StrChrA, StrCmpNA
wsock32: socket, send, recv, inet_addr, gethostname, gethostbyname, connect, closesocket, WSAStartup
rasapi32: RasGetEntryDialParamsA, RasGetEntryPropertiesA, RasEnumEntriesA
gdi32: GetDeviceCaps
Sections
Size: 280KB - Virtual size: 280KB
IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE