e136c1a2feb5982c8e10a97108c091c2_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

e136c1a2feb5982c8e10a97108c091c2_JaffaCakes118
Size

52KB
MD5

e136c1a2feb5982c8e10a97108c091c2
SHA1

a481d81fa1ef0b2f39ee46815acfafc646465b55
SHA256

5a5c19fbefd1190acf7fd84d4c00ed827b43347472649b63f523ad48110889c1
SHA512

2f13769de0e4661c3b5ccfc92cf9e71f2edd9df05a46ca6a61fd23e25a9233becda1b4d62936e08ade1f96c90d4ed387b45a6039af7bf447f03765f6508f93b6
SSDEEP

768:ny3nl0xCF4l6L8USJws8mXw7w0tU97bgxciGGNGUXIN5WtJmC:nAlYCFkLMw0tU94xcnStJv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e136c1a2feb5982c8e10a97108c091c2_JaffaCakes118

Files

e136c1a2feb5982c8e10a97108c091c2_JaffaCakes118
.exe windows:4 windows x86 arch:x86

489383e499baa1c5493ccd121782da1e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
GetLocaleInfoA
InterlockedDecrement
GetTickCount
CreateProcessA
lstrcmpiA
CreateThread
GetProcAddress
LoadLibraryA
CloseHandle
CreateFileA
GetSystemDirectoryA
GetModuleFileNameA
ExitThread
GetLastError
CreateMutexA
RaiseException
LocalFree
lstrlenA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
MultiByteToWideChar
ReadFile
SetEndOfFile
WideCharToMultiByte
GlobalAlloc
GlobalLock
ExitProcess
GlobalUnlock
GetOEMCP
GetACP
GetCPInfo
FlushFileBuffers
SetStdHandle
SetFilePointer
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetCurrentProcess
HeapSize
TerminateProcess
WriteFile
IsBadWritePtr
HeapReAlloc
VirtualAlloc
VirtualFree
RtlUnwind
HeapAlloc
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
HeapFree
HeapDestroy
HeapCreate

user32

SetClipboardData
OpenClipboard
SetFocus
SetForegroundWindow
BlockInput
CloseClipboard
VkKeyScanA
keybd_event
MessageBoxA
EmptyClipboard

advapi32

RegSetValueExA
RegCloseKey
RegOpenKeyExA
RegCreateKeyExA

ole32

CoInitialize
CoCreateInstance
CoUninitialize

oleaut32

SysStringLen
SysAllocString
VariantClear
SysFreeString
GetErrorInfo
VariantInit

ws2_32

closesocket
WSAStartup
htons
inet_ntoa
gethostbyname
recv
send
inet_addr
WSACleanup
connect
socket

wininet

InternetOpenUrlA
InternetOpenA
InternetReadFile

Sections

.text
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

489383e499baa1c5493ccd121782da1e

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

ws2_32

wininet

Sections

.text Size: 36KB - Virtual size: 33KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 4KB - Virtual size: 10KB

.text
Size: 36KB - Virtual size: 33KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 4KB - Virtual size: 10KB