fd6859142790b272b50c6d65d47fdbb4_JaffaCakes118

General

Target

fd6859142790b272b50c6d65d47fdbb4_JaffaCakes118
Size

20KB
MD5

fd6859142790b272b50c6d65d47fdbb4
SHA1

a0b5073b7e91349bd3d4c1626c95370b3437526c
SHA256

0bf0fbb483f994760587ff4a3d96899aab4ee411144fcd8a7a33aa29af5ab5cc
SHA512

f02ec4e918af6e06c70049a6bee50520839d8fe97574b7299f40cf8c64461a155354ffffd977dbaa51f5de5fc9505d7ead360dbd5dea096e5768c0d0181abce2
SSDEEP

384:PMa2stex5CAAbcve4FbyYDEyt0hPuUWFwQeM4edjYE0W:PMuY3Z6j4FBD/0hPuvaQeM4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fd6859142790b272b50c6d65d47fdbb4_JaffaCakes118

Files

fd6859142790b272b50c6d65d47fdbb4_JaffaCakes118
.exe windows:4 windows x86 arch:x86

e1aaef5dee9147a64f026e397865e4e0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

htonl
WSASocketA
setsockopt
sendto
inet_addr
gethostbyname
recv
WSACleanup
WSAGetLastError
closesocket
WSAStartup
socket
htons
connect
send
WSAAsyncSelect

kernel32

GetCommandLineA
GetStartupInfoA
GetProcessHeap
HeapAlloc
GetCurrentProcessId
GetComputerNameA
GetVersionExA
GetTickCount
GetWindowsDirectoryA
GetCurrentProcess
CreateRemoteThread
GetProcAddress
GetModuleHandleA
WriteProcessMemory
VirtualAllocEx
lstrlenA
OpenProcess
CloseHandle
Process32Next
Process32First
CreateToolhelp32Snapshot
GetLocalTime
SetPriorityClass
GetLastError
CreateMutexA
GetSystemDirectoryA
ExitProcess
WinExec
CopyFileA
DeleteFileA
GetModuleFileNameA
CreateDirectoryA
ResumeThread
CreateThread
Sleep
WriteFile
CreateFileA
lstrcatA
lstrcpyA
FreeLibrary
LoadLibraryA
GlobalMemoryStatus

user32

DefWindowProcA
ExitWindowsEx
PostQuitMessage
RegisterClassA
CreateWindowExA
ShowWindow
UpdateWindow
SendMessageA
GetMessageA
TranslateMessage
DispatchMessageA
wsprintfA

advapi32

RegCloseKey
RegSetValueExA
RegOpenKeyA
AdjustTokenPrivileges
OpenProcessToken
LookupPrivilegeValueA

msvcp60

??0Init@ios_base@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ

msvcrt

__CxxFrameHandler
printf
rand
strcspn
strncpy
atoi
_stricmp
strstr
sprintf
malloc
_strupr
_strlwr
_itoa
_strrev

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

e1aaef5dee9147a64f026e397865e4e0

Headers

File Characteristics

Imports

ws2_32

kernel32

user32

advapi32

msvcp60

msvcrt

Sections

.text Size: 11KB - Virtual size: 11KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 1KB - Virtual size: 1KB

.text
Size: 11KB - Virtual size: 11KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 1KB - Virtual size: 1KB