d9b1c95fb4424cf69a0ac8e40b3ab39b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d9b1c95fb4424cf69a0ac8e40b3ab39b_JaffaCakes118
Size

54KB
MD5

d9b1c95fb4424cf69a0ac8e40b3ab39b
SHA1

189a7614e4585833925b7dd62487e959d905779a
SHA256

325cc57be618d1e3b7ae1dc686d165cc08a20cae415a78ac4e5554930fe41acc
SHA512

614c8a44d6e238f4f1919a5b43c6a27b1f2b93c95600fd2cdc4b1089418526e25ad2aca8e1401437f345d96ee66768c087be83df9b61b1dc0b2f7b55cac660c9
SSDEEP

768:JkXttjEYIfh+vZ44bPfM2Fwo1kIsj9ZUe81O80zqqnx2uZByQtjfknoPmofm:GXvjEvuRbc2RI9ZzV8mnDZdt4xof

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d9b1c95fb4424cf69a0ac8e40b3ab39b_JaffaCakes118

Files

d9b1c95fb4424cf69a0ac8e40b3ab39b_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7552b709ea73bc0442d11e625b842977

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

OpenProcess
Process32First
CreateToolhelp32Snapshot
TerminateProcess
CreateProcessA
DeleteFileA
GetCurrentDirectoryA
FreeLibrary
GetProcAddress
LoadLibraryA
CreateFileA
GetTempFileNameA
GetTempPathA
ReadFile
PeekNamedPipe
GetProcessTimes
GetStartupInfoA
CreatePipe
Sleep
SetProcessPriorityBoost
SetThreadPriority
GetCurrentThread
SetPriorityClass
lstrcatA
lstrcpyA
GetEnvironmentVariableA
GetShortPathNameA
WriteFile
LockResource
LoadResource
SizeofResource
FindResourceA
CloseHandle
FileTimeToLocalFileTime
FileTimeToSystemTime
Process32Next
GetCurrentProcess
GetModuleFileNameA
GetLastError
_lopen
GetModuleHandleA

wininet

InternetCloseHandle
InternetReadFile
InternetOpenUrlA
InternetOpenA
HttpSendRequestA
HttpOpenRequestA
InternetConnectA
InternetGetConnectedState

advapi32

RegOpenKeyA
RegSetValueExA
RegDeleteValueA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegCloseKey

msvcrt

_onexit
_exit
_XcptFilter
sprintf
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__dllonexit
__p__fmode
__set_app_type
_except_handler3
_controlfp
??3@YAXPAX@Z
_ftol
floor
__CxxFrameHandler
sscanf
atoi
strncpy
strchr
__p__commode
??2@YAPAXI@Z
exit

shell32

ShellExecuteExA
SHChangeNotify

mfc42

ord4203
ord540
ord941
ord939
ord535
ord815
ord561
ord800
ord537
ord859
ord858
ord940

msvcp60

??0_Winit@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ
??1_Winit@std@@QAE@XZ

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7552b709ea73bc0442d11e625b842977

Headers

File Characteristics

Imports

kernel32

wininet

advapi32

msvcrt

shell32

mfc42

msvcp60

Sections

.text Size: 10KB - Virtual size: 10KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 3KB - Virtual size: 19KB

.rsrc Size: 36KB - Virtual size: 36KB

.text
Size: 10KB - Virtual size: 10KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 3KB - Virtual size: 19KB

.rsrc
Size: 36KB - Virtual size: 36KB