d692a62f537156c8c6a0d17a796945d3_JaffaCakes118

General

Target

d692a62f537156c8c6a0d17a796945d3_JaffaCakes118
Size

39KB
MD5

d692a62f537156c8c6a0d17a796945d3
SHA1

168388f556f14ba89bbd3c20612a48fdbdc77949
SHA256

bca387b788f49e9cf5849f9bd5b3d1f6100a16c335ba36a026689498492ad0c7
SHA512

83f751908977ad156490289b931bceb1612a391a684471ac0081b62d78a036d646f97067e89fbf0b38a6eb4af0398e9ffc6b24ae4138212274c81bceacde7e65
SSDEEP

768:uE7SSZ+oqoTc4Pvow9boQfjlfnhs/+phiCiYidraGgjlyX7xdNr8Q1UFF8D1Fp2b:92SSt66dVx1ekY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d692a62f537156c8c6a0d17a796945d3_JaffaCakes118

Files

d692a62f537156c8c6a0d17a796945d3_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b614197f1d4214df59d8e25eea8d4825

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileA
GetModuleHandleA
GetModuleFileNameA
CreateRemoteThread
OpenProcess
lstrlenA
SetFilePointer
TerminateThread
WriteFile
Process32Next
Process32First
CreateToolhelp32Snapshot
TerminateProcess
ExitThread
GetComputerNameA
GlobalMemoryStatus
GetVersionExA
GetCurrentProcessId
VirtualFree
VirtualAlloc
GetPriorityClass
ResumeThread
CloseHandle
CreateProcessA
DeleteFileA
LoadLibraryA
GetProcAddress
GetTickCount
GetTempPathA
GetStdHandle
SetConsoleTextAttribute
CreateMutexA
Sleep
GetLastError
lstrcmpiA
ExitProcess
CreateThread
GetCurrentProcess
SetLastError

user32

GetActiveWindow
PeekMessageA
DispatchMessageA
CallNextHookEx
GetMessageA
SetWindowsHookExA
UnhookWindowsHookEx
GetWindowTextA
SetKeyboardState
ToAscii
GetKeyboardState
GetKeyNameTextA
wsprintfA

advapi32

RegCreateKeyExA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegDeleteValueA
OpenServiceA
CloseServiceHandle
OpenSCManagerA
DeleteService
ControlService
GetUserNameA
RegCloseKey

shell32

ShellExecuteA

msvcrt

fopen
fread
fclose
srand
rand
sprintf
printf
strstr
atoi
strncpy
strtok

shlwapi

PathStripPathA

wininet

InternetGetConnectedStateEx
InternetGetConnectedState

ws2_32

WSAEnumNetworkEvents
WSAWaitForMultipleEvents
recv
connect
WSAEventSelect
WSACreateEvent
socket
htons
gethostbyname
WSAStartup
getsockname
gethostname
inet_ntoa
WSAResetEvent
bind
WSAIoctl
WSASocketA
accept
listen
setsockopt
sendto
recvfrom
closesocket
WSACloseEvent
send
getpeername
ntohs
shutdown

Sections

.data
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b614197f1d4214df59d8e25eea8d4825

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

msvcrt

shlwapi

wininet

ws2_32

Sections

.data Size: 30KB - Virtual size: 30KB

.rsrc Size: 8KB - Virtual size: 7KB

.data
Size: 30KB - Virtual size: 30KB

.rsrc
Size: 8KB - Virtual size: 7KB