db8075dedd1a67bad40807a710fbfdd0_JaffaCakes118

General

Target

db8075dedd1a67bad40807a710fbfdd0_JaffaCakes118
Size

28KB
MD5

db8075dedd1a67bad40807a710fbfdd0
SHA1

c8a3b033dc9cb47c9435aba6b6df3189ce7cf347
SHA256

f08799e6144cadeafbdfa0fb900fa3f1d9a0ff428de69074416c9f7ca15711f7
SHA512

0e2423cccbbbfc6a48b3934a3b42d2dd97cb3603cf3cb5b0a2d7107e05994045bc0fe404a75228c8ee81942d4f8309d1ba19636d2b01904100ee374e9f2644ed
SSDEEP

192:J4UOeh74ld1MydiBRoa1/ri2Auvdcw0qMNc6/2u8XL8CvAnVL87yH7TYcL3haJY:W/G7Fu2RRrNf1b2cpAVgkYvMnh3i51j

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
db8075dedd1a67bad40807a710fbfdd0_JaffaCakes118

Files

db8075dedd1a67bad40807a710fbfdd0_JaffaCakes118
.exe windows:4 windows x86 arch:x86

0027849ca3704bf35ef01b52d8e8caf6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WaitForMultipleObjects
CreateThread
CreateProcessA
DuplicateHandle
GetCurrentProcess
ExitThread
ReadFile
PeekNamedPipe
DeleteCriticalSection
WaitForSingleObject
SetFilePointer
GetFileSize
CreateFileA
InitializeCriticalSection
WriteFile
TerminateProcess
LeaveCriticalSection
EnterCriticalSection
ResetEvent
Process32Next
Process32First
CreateToolhelp32Snapshot
GetVersionExA
GetLastError
OpenProcess
WinExec
SetFileAttributesA
GetModuleFileNameA
CreateEventA
GetModuleHandleA
Sleep
TerminateThread
DisconnectNamedPipe
CreatePipe
SetEvent
CloseHandle
GetStartupInfoA

ws2_32

setsockopt
WSACleanup
select
__WSAFDIsSet
closesocket
recv
inet_addr
htons
socket
connect
send
WSAStartup

wininet

InternetQueryOptionA

msvcrt

_exit
_controlfp
_except_handler3
__set_app_type
__p__fmode
rand
srand
time
free
malloc
atof
_beginthread
??3@YAXPAX@Z
??2@YAPAXI@Z
sprintf
atoi
fclose
fprintf
fopen
_ftol
_beginthreadex
strchr
strstr
__p__commode
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv

urlmon

URLDownloadToFileA

advapi32

AdjustTokenPrivileges
OpenProcessToken
LookupAccountSidA
GetTokenInformation
LookupPrivilegeValueA

Sections

.text
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

0027849ca3704bf35ef01b52d8e8caf6

Headers

File Characteristics

Imports

kernel32

ws2_32

wininet

msvcrt

urlmon

advapi32

Sections

.text Size: 16KB - Virtual size: 12KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 1KB

.text
Size: 16KB - Virtual size: 12KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 1KB