d3130a677566a45f84ea417cbc46c929_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d3130a677566a45f84ea417cbc46c929_JaffaCakes118
Size

69KB
MD5

d3130a677566a45f84ea417cbc46c929
SHA1

2224a0581b107ee9dd45e92d04a41495b0058e65
SHA256

bb6390ed52aac6f1c3075fd13ab066140c2f6bfd8fdf65670cc674bfcb4df0fb
SHA512

377bd97e62055be1e3f3e03ebfabc1a0c3d2754005041fd4b57b8f1023680260fbb8523df31469674b85d9765ffbf6f59353205f29d1664b7453aa037d5e5868
SSDEEP

1536:OuqOG8QeNsHRoM3Wjvi3nHHHWZkSqX9Hlb6G:OuZRq3HVtHlb6G

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d3130a677566a45f84ea417cbc46c929_JaffaCakes118

Files

d3130a677566a45f84ea417cbc46c929_JaffaCakes118
.exe windows:4 windows x86 arch:x86

df602682349cf2eeec7b626e020c4b0c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

TerminateProcess
OpenProcess
GetSystemDirectoryA
Sleep
GetFileTime
CreateFileA
lstrcatA
lstrcpyA
lstrlenA
CreateThread
GetComputerNameA
CopyFileA
GetModuleFileNameA
GetCurrentProcess
GetProcAddress
LoadLibraryA
WriteFile
GetOEMCP
GetACP
GetStringTypeW
GetStringTypeA
FlushFileBuffers
SetStdHandle
CloseHandle
GetLocaleInfoA
IsBadCodePtr
IsBadReadPtr
InterlockedExchange
IsBadWritePtr
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetFileType
GetStdHandle
SetHandleCount
HeapSize
HeapReAlloc
SetFilePointer
ReadFile
LCMapStringW
GetLastError
MultiByteToWideChar
WideCharToMultiByte
LCMapStringA
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
SetUnhandledExceptionFilter
HeapFree
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
HeapAlloc
GetThreadContext
SetThreadContext
ContinueDebugEvent
FlushInstructionCache
ReadProcessMemory
VirtualProtectEx
WriteProcessMemory
DebugActiveProcess
WaitForDebugEvent
GetCPInfo
GetVersionExA
GetCommandLineA
GetStartupInfoA
GetModuleHandleA
GetSystemTimeAsFileTime
RtlUnwind
RaiseException
ExitProcess
SetEndOfFile

user32

GetClassNameA
GetForegroundWindow
GetWindowTextA
DestroyWindow
DefWindowProcA
EndPaint
BeginPaint
SetTimer
PostQuitMessage
RegisterClassExA
SendMessageA
CreateWindowExA
GetWindowThreadProcessId
LoadStringA
LoadAcceleratorsA
GetMessageA
TranslateAcceleratorA
TranslateMessage
DispatchMessageA
LoadCursorA

advapi32

OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegOpenKeyExA
RegCloseKey
RegSetValueExA

shell32

ShellExecuteA

psapi

GetModuleFileNameExA
EnumProcessModules

ws2_32

WSACleanup
send
recv
gethostname
connect
WSAStartup
socket
htons
inet_addr
gethostbyname
closesocket

urlmon

URLDownloadToFileA

Sections

.text
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

df602682349cf2eeec7b626e020c4b0c

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

psapi

ws2_32

urlmon

Sections

.text Size: 48KB - Virtual size: 48KB

.rdata Size: 12KB - Virtual size: 12KB

.data Size: 4KB - Virtual size: 20KB

.rsrc Size: 4KB - Virtual size: 4KB

.text
Size: 48KB - Virtual size: 48KB

.rdata
Size: 12KB - Virtual size: 12KB

.data
Size: 4KB - Virtual size: 20KB

.rsrc
Size: 4KB - Virtual size: 4KB