f688ea7cc2eb82a99fc6288734093607_JaffaCakes118

General

Target

f688ea7cc2eb82a99fc6288734093607_JaffaCakes118
Size

14KB
MD5

f688ea7cc2eb82a99fc6288734093607
SHA1

e4b6fd61d7dc82e15b8f36fbf4b56db76ee7289f
SHA256

8d33a986b0892db2ca0f848bd1efe08533813ece9171dd85798c2019722fe8c2
SHA512

c6deb339930bfd9fe9b16db1065f9e53c439c110e0924b84765345a58aa4b6f9ee2f1f242e3f826972acf5ecc5804eac580b3da4927615030ab04be069662fe9
SSDEEP

384:2a+XdG8jpFYvhPfZ1Cye6eIxUL0Vza/4xyOdg0:2PI8jYvhPhgY6wQXO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f688ea7cc2eb82a99fc6288734093607_JaffaCakes118

Files

f688ea7cc2eb82a99fc6288734093607_JaffaCakes118
.exe windows:4 windows x86 arch:x86

d89bd1e680f65da4e153fef6e1959123

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

InternetOpenA
InternetReadFile
InternetOpenUrlA

shell32

SHGetFolderPathA

ntdll

ZwQuerySystemInformation
ZwCreateSection

shlwapi

SHGetValueA
SHSetValueA

wsock32

__WSAFDIsSet
select
getsockname
getpeername
shutdown
accept
listen
bind
inet_ntoa
gethostbyname
gethostname
WSACleanup
closesocket
connect
socket
WSAStartup
recv
send

advapi32

RegSetValueExA
OpenServiceA
CloseServiceHandle
StartServiceA
CreateServiceA
OpenSCManagerA
RegCreateKeyA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA

user32

FindWindowExA
wsprintfA
SendMessageA
FindWindowA
MessageBoxA

kernel32

WaitForSingleObject
SetThreadPriority
OpenMutexA
CreateMutexA
FreeLibrary
GetLastError
GetEnvironmentVariableA
ResumeThread
SetThreadContext
GetThreadContext
WriteProcessMemory
VirtualAllocEx
TerminateProcess
CreateProcessA
LocalFree
LocalAlloc
DeviceIoControl
LoadLibraryExA
ExitThread
CreateThread
GetProcAddress
LoadLibraryA
CopyFileA
GetModuleFileNameA
GetModuleHandleA
WinExec
DeleteFileA
lstrcatA
Sleep
UnmapViewOfFile
MapViewOfFile
lstrlenA
CloseHandle
OpenFile
WriteFile
VirtualFree
VirtualAlloc
ExitProcess

Sections

.text
Size: 14KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d89bd1e680f65da4e153fef6e1959123

Headers

File Characteristics

Imports

wininet

shell32

ntdll

shlwapi

wsock32

advapi32

user32

kernel32

Sections

.text Size: 14KB - Virtual size: 16KB

.text
Size: 14KB - Virtual size: 16KB