Static task
static1
Behavioral task
behavioral1
Sample
fda350f8fa68a9204b43b08207454f6d_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
fda350f8fa68a9204b43b08207454f6d_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
Target
fda350f8fa68a9204b43b08207454f6d_JaffaCakes118
Size
125KB
MD5
fda350f8fa68a9204b43b08207454f6d
SHA1
d08ccb2820c6ee03562ff54c58f38416fb62cbd2
SHA256
be273494aab6271a53be1ae02978ec1ca3c8409cfea0d666bc9b420f4fc9968c
SHA512
76bfd07c5107751ac909411bdf96c449aad33c46a9a6b4ded12456f608b7df905ed137b222d7cdb8111ba900ca8fa3ee8be55e0f7fa2dd31348f464d0377667e
SSDEEP
3072:1iXdCkhXYNGngIhRhUCWMhUmhUCWlJlhUCWlJNhUCWlJ:oXdCGuIjyVMymyVlLyVl7yVl
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource fda350f8fa68a9204b43b08207454f6d_JaffaCakes118
Files
fda350f8fa68a9204b43b08207454f6d_JaffaCakes118.exe windows:4 windows x86 arch:x86
72fa9988a6ca9d290d0febad4a078307
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetTempPathA
GetWindowsDirectoryA
GetModuleFileNameA
GetModuleHandleA
CreateThread
CreateFileA
CreateProcessA
CopyFileA
OpenMutexA
GetSystemDirectoryA
GetTickCount
WriteFile
CloseHandle
CreateMutexA
Sleep
LoadLibraryA
GetProcAddress
GetOEMCP
GetACP
GetCPInfo
FlushFileBuffers
SetStdHandle
HeapReAlloc
VirtualAlloc
HeapAlloc
SetFilePointer
GetStringTypeW
GetStringTypeA
RtlUnwind
VirtualFree
HeapCreate
HeapDestroy
GetFileType
ExitProcess
TerminateProcess
GetCurrentProcess
GetStartupInfoA
GetCommandLineA
GetVersion
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
LCMapStringW
HeapFree
GetLastError
ReadFile
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
SetEndOfFile
advapi32
RegSetValueExA
RegCloseKey
RegCreateKeyExA
shell32
ShellExecuteA
wininet
InternetCloseHandle
InternetReadFile
InternetOpenUrlA
InternetOpenA
wsock32
inet_addr
gethostbyaddr
WSAStartup
gethostbyname
socket
connect
send
closesocket
WSACleanup
recv
htons
Sections
code Size: 48KB - Virtual size: 48KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.avp Size: 2KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE