05f43e15b54e4596d4a3d669c0726c52_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

05f43e15b54e4596d4a3d669c0726c52_JaffaCakes118
Size

31KB
MD5

05f43e15b54e4596d4a3d669c0726c52
SHA1

e7ac8984dc108b76ab1c01e74ae457c9279f84d7
SHA256

e1f5ad4ca03823a0866c01fe8df0ee3d5d74bbca9822131a63b26c8bf1b47d57
SHA512

79c652db5b824e4bc6357619c8f9724147e0c3301c1684b732ec7b7222e76034e75587c57976861580189a9080ba85a7603b6632caf3287b2d706d35dce68818
SSDEEP

384:USJcSELAkOhZwWzfHEbsFfj5gmlyVbUccJqDm9WNXzkhy2fVuO7kGZZPo6drla9X:PlhZw4fHE4FlGYWzs/V5kGZZPoGa9Im

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
05f43e15b54e4596d4a3d669c0726c52_JaffaCakes118

Files

05f43e15b54e4596d4a3d669c0726c52_JaffaCakes118
.exe windows:4 windows x86 arch:x86

378240a32f31935506385283a6fa8eb1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetDiskFreeSpaceA
lstrcmpA
GetDriveTypeA
GetLogicalDriveStringsA
WriteFile
CopyFileA
UnmapViewOfFile
ExitProcess
GetModuleFileNameA
GetModuleHandleA
GetSystemDirectoryA
SetCurrentDirectoryA
GetCurrentProcess
SetFileTime
GetFileTime
CreateThread
lstrlenA
SetSystemTime
GetSystemTime
LoadLibraryA
DeviceIoControl
FreeLibrary
GlobalFree
LoadLibraryExA
GlobalAlloc
GetProcAddress
GetSystemDirectoryW
SizeofResource
LoadResource
FindResourceA
GetStringTypeA
LCMapStringW
GetCurrentDirectoryA
FindNextFileA
GetLastError
FileTimeToLocalFileTime
FindFirstFileA
lstrcpynA
FindClose
CreateFileA
GetFileSize
DeleteFileA
SetFilePointer
ReadFile
GetWindowsDirectoryA
GetTempFileNameA
lstrcatA
lstrcpyA
GetVersion
CreateProcessA
WaitForSingleObject
CloseHandle
Sleep
LCMapStringA
MultiByteToWideChar
GetOEMCP
GetACP
GetCPInfo
RtlUnwind
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
TerminateProcess
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetCommandLineA
HeapFree
HeapAlloc
GetStartupInfoA
GetStringTypeW

user32

wsprintfA

advapi32

RegSetValueExA
CreateServiceA
StartServiceA
OpenSCManagerA
OpenServiceA
CloseServiceHandle
RegCreateKeyExA
RegCreateKeyA
RegQueryValueExA
RegCloseKey
RegRestoreKeyA
RegOpenKeyExA
RegSaveKeyA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges

shell32

StrChrA
StrStrA
StrRChrA

ws2_32

WSACleanup
closesocket
inet_addr
gethostbyname
inet_ntoa
WSAStartup
recv
WSAGetLastError
htons
socket
setsockopt
send
connect
gethostname

shlwapi

StrToIntA
PathFileExistsA
StrCatW

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

378240a32f31935506385283a6fa8eb1

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ws2_32

shlwapi

Sections

.text Size: 20KB - Virtual size: 19KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 3KB - Virtual size: 5KB

.rsrc Size: 3KB - Virtual size: 3KB

.text
Size: 20KB - Virtual size: 19KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 3KB - Virtual size: 5KB

.rsrc
Size: 3KB - Virtual size: 3KB