d1893e9b92dc5eca3c6ba45f950762c6_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

d1893e9b92dc5eca3c6ba45f950762c6_JaffaCakes118
Size

222KB
MD5

d1893e9b92dc5eca3c6ba45f950762c6
SHA1

d9b6e297eec7bd270b1339a4d161bf2290e010a8
SHA256

257a038f84e5b5868cffcc131bdb165fed0b66fd2948ef936b93ea91c3226ca6
SHA512

820b4b5d336e982f460f1e9000848daf6566f7eedf141dde49161559c47dab97ff04f0ad2101c213ef826c9b02543fb288b38a0da417d8676a956bdedfe60d1b
SSDEEP

6144:gr5JJweTgB8LRAk7+8hcnnIUrCrIZ1jq/t/I:4HJwpBbk7+8hcIUdZ1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d1893e9b92dc5eca3c6ba45f950762c6_JaffaCakes118

Files

d1893e9b92dc5eca3c6ba45f950762c6_JaffaCakes118
.exe windows:4 windows x86 arch:x86

64fc05b655e2f16286b35182fe90aa2a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

gOpenKeyExA
gCloseKey
gCreateKeyExA
gEnumKeyA
gEnumValueA
gQueryValueExA
gSetValueExA

kernel32

oseHandle
eateDirectoryA
eateFileA
eateThread
leteFileA
itProcess
ndClose
ndFirstFileA
ndNextFileA
ushFileBuffers
tCommandLineA
tCurrentDirectoryA
tEnvironmentStringsA
tExitCodeThread
tFileAttributesA
tFileSize
tFileType
tLastError
tLocalTime
tModuleHandleA
tStartupInfoA
tSystemInfo
tVersionExA
obalAlloc
obalFree
obalReAlloc
veFileA
tputDebugStringA
adFile
moveDirectoryA
sumeThread
tCurrentDirectoryA
tEndOfFile
tErrorMode
tFilePointer
tLastError
spendThread
iteFile
tSystemDirectoryA
tWindowsDirectoryA
tModuleFileNameA
obalMemoryStatus
pyFileA
tTempFileNameA
tTempPathA
tDiskFreeSpaceA
tDriveTypeA
tLogicalDrives
tVolumeInformationA
tCurrentProcessId
adLibraryA
tProcAddress
eeLibrary
eep
rminateProcess
enProcess
eateToolhelp32Snapshot
ocess32First
ocess32Next
tTickCount
tShortPathNameA

oleaut32

sAllocStringByteLen
sFreeString
sStringByteLen

user32

tWindowTextA
ssageBeep
ssageBoxA
spatchMessageA
anslateMessage
stQuitMessage
tMessageA
llWindowProcA
adCursorA
gisterClassExA
eateWindowExA
fWindowProcA
tWindow
tWindowTextLengthA
tWindowLongA
tForegroundWindow
tTimer
llTimer
owWindow
ndMessageA
tActiveWindow
tForegroundWindow
pVirtualKeyA
ybd_event

shell32

ellExecuteA

gdi32

tStockObject

wsock32

cept
nd
osesocket
nnect
tpeername
onl
ons
et_addr
et_ntoa
sten
cv
nd
ndto
tsockopt
cket
thostbyaddr
thostbyname
thostname
AAsyncSelect
ACleanup
AGetLastError
AStartup

Exports

Exports

BCIPHER
CIPHER
EXIST
FGET
FGETAT
FLOF
FOPEN
FPUT
FSEEK
ISWIN95
LZW
UNLZW
VALIDTODECIPHER
WNDPROC

Sections

.avp
Size: 203KB - Virtual size: 204KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avp
Size: 3KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avp
Size: 14KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

64fc05b655e2f16286b35182fe90aa2a

Headers

File Characteristics

Imports

advapi32

kernel32

oleaut32

user32

shell32

gdi32

wsock32

Exports

Exports

Sections

.avp Size: 203KB - Virtual size: 204KB

.avp Size: 3KB - Virtual size: 16KB

.avp Size: 14KB - Virtual size: 24KB

.avp
Size: 203KB - Virtual size: 204KB

.avp
Size: 3KB - Virtual size: 16KB

.avp
Size: 14KB - Virtual size: 24KB