d403a8317de6482d86dbbffb4f7d56c9_JaffaCakes118

General

Target

d403a8317de6482d86dbbffb4f7d56c9_JaffaCakes118
Size

88KB
MD5

d403a8317de6482d86dbbffb4f7d56c9
SHA1

33779fd59544d9314dd48ce3f5bec2ea00e3f3f1
SHA256

d4c386617f1fc4dbdce7bd472200679fb12fce8f91025edbe7b1ab501fb5e129
SHA512

0f2d1019189bf27293b201c776fa82a6c51dd7ae5cb0e53ab4f6bb988db263b016bf25dd3269ed8bcbda3463ceaf94de39cc3619073ae3496072ab55ffe67e2b
SSDEEP

1536:FeoLmUtrCrYNAlCWs+fEsM/Zofh4tJJ1V6:FekbrUMz+fEsM/ZofGd6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d403a8317de6482d86dbbffb4f7d56c9_JaffaCakes118

Files

d403a8317de6482d86dbbffb4f7d56c9_JaffaCakes118
.exe windows:4 windows x86 arch:x86

e425ec9e000413cff0c5536bff83757d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateThread
CopyFileA
WinExec
GetWindowsDirectoryA
GetModuleFileNameA
GetTickCount
lstrcpyA
Sleep
CompareStringW
CompareStringA
SetEndOfFile
ReadFile
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
LoadLibraryA
GetOEMCP
GetACP
GetCPInfo
CreateFileA
SetStdHandle
MultiByteToWideChar
HeapAlloc
GetTimeZoneInformation
GetSystemTime
GetLocalTime
GetSystemTimeAsFileTime
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
GetProcAddress
RaiseException
SetHandleCount
GetStdHandle
GetFileType
TerminateProcess
GetCurrentProcess
HeapDestroy
HeapCreate
VirtualFree
HeapFree
VirtualAlloc
HeapReAlloc
WideCharToMultiByte
GetLastError
CloseHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
RtlUnwind
WriteFile
FlushFileBuffers
SetFilePointer
SetEnvironmentVariableA

advapi32

RegSetValueExA
RegisterServiceCtrlHandlerA
StartServiceCtrlDispatcherA
OpenServiceA
DeleteService
OpenSCManagerA
CreateServiceA
CloseServiceHandle
RegQueryValueExA
SetServiceStatus
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA

ws2_32

select
WSAStartup
gethostbyname
inet_ntoa
socket
closesocket
recv
send
inet_addr
htons
ioctlsocket
connect

urlmon

URLDownloadToFileA

Sections

.text
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

e425ec9e000413cff0c5536bff83757d

Headers

File Characteristics

Imports

kernel32

advapi32

ws2_32

urlmon

Sections

.text Size: 48KB - Virtual size: 47KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 32KB - Virtual size: 36KB

.text
Size: 48KB - Virtual size: 47KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 32KB - Virtual size: 36KB