0b449fb2f6c1aa028ba7843863e0a256_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0b449fb2f6c1aa028ba7843863e0a256_JaffaCakes118
Size

14KB
MD5

0b449fb2f6c1aa028ba7843863e0a256
SHA1

2574c8741ad15bc208b77358cb2e8c153335d740
SHA256

0a20f2908e77453163a23c8a025f04071e1aaa141e3c2a37cc9c75686a702203
SHA512

57705b8417e8425cfaacbe6d2bb9704490d1bc04681f8e509bb9bc2f48644060e4b75ca3886b1018e1a3304df343b71b5e60229197019b34a48b079218e198ef
SSDEEP

192:46n9t86hTr+fyzf6SZIfwVNMtiBMmxRd4qsKAW0PyVi4LfPn53rajwAYeHeUFVV0:x71rdp2WMmxm4D1rash+e4+D

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0b449fb2f6c1aa028ba7843863e0a256_JaffaCakes118

Files

0b449fb2f6c1aa028ba7843863e0a256_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a414dffdd3329e14c660f2dfc440aac2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateThread
DeleteFileA
ExitProcess
FindClose
FindFirstFileA
FindNextFileA
FindResourceA
FreeResource
GetDiskFreeSpaceA
GetDriveTypeA
GetEnvironmentVariableA
GetFileAttributesA
GetFileSize
GetFileTime
GetLastError
GetLocalTime
GetLogicalDrives
GetModuleFileNameA
GetSystemDirectoryA
GetTempPathA
GetVersionExA
GetWindowsDirectoryA
GlobalAlloc
GlobalFree
GlobalMemoryStatus
LoadResource
LockResource
CreateProcessA
ReadFile
ReadProcessMemory
RtlMoveMemory
RtlZeroMemory
SetCurrentDirectoryA
SetErrorMode
SetFileAttributesA
SetFilePointer
SizeofResource
Sleep
VirtualAlloc
VirtualFree
VirtualQueryEx
WideCharToMultiByte
WriteFile
lstrcatA
lstrcmpA
lstrcmpiA
lstrcpyA
lstrcpynA
lstrlenA
CreateMutexA
CreateFileA
CreateDirectoryA
CopyFileA
OpenProcess
CloseHandle

user32

GetAsyncKeyState
wsprintfA
MessageBoxA

shell32

ShellExecuteA

shlwapi

PathMatchSpecA
PathFindFileNameA

wininet

FtpSetCurrentDirectoryA
InternetOpenA
FtpPutFileA
FtpOpenFileA
InternetConnectA
InternetCloseHandle
FtpCreateDirectoryA

wsock32

WSAStartup
socket
send
closesocket
inet_addr
htons
gethostname
gethostbyname
connect
inet_ntoa

advapi32

GetUserNameA
RegEnumKeyExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

ntdll

RtlDecompressBuffer

netapi32

NetApiBufferFree
NetUserEnum

psapi

EnumProcesses
GetModuleFileNameExA

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 147KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a414dffdd3329e14c660f2dfc440aac2

Headers

File Characteristics

Imports

kernel32

user32

shell32

shlwapi

wininet

wsock32

advapi32

ntdll

netapi32

psapi

Sections

.text Size: 11KB - Virtual size: 11KB

.data Size: 1024B - Virtual size: 147KB

.rsrc Size: 1KB - Virtual size: 1KB

.text
Size: 11KB - Virtual size: 11KB

.data
Size: 1024B - Virtual size: 147KB

.rsrc
Size: 1KB - Virtual size: 1KB