0d72e70d7441cb853fed00e7f77b5899_JaffaCakes118

General

Target

0d72e70d7441cb853fed00e7f77b5899_JaffaCakes118
Size

27KB
MD5

0d72e70d7441cb853fed00e7f77b5899
SHA1

1ac8a36c2832a6cc7f4093d8db2d9feeacaeb358
SHA256

779108792b42c8b72d42078150e68dbaa68f596ece1e8b565820d0c317e1f25b
SHA512

08b64d82d9df60bc0d3a8b2b40655aec8413273dd67492457547d36e21ff7984a16ba0d5f80a3075564c75a5c444ed9122ca12a77e363cce5b962edb049a409a
SSDEEP

384:c4EGO/vkTLNzC0U5J9uZNfwMSunGPGhVNfN0TW+wwsK:27/vkTZCD6qMjnGGVkzw6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0d72e70d7441cb853fed00e7f77b5899_JaffaCakes118

Files

0d72e70d7441cb853fed00e7f77b5899_JaffaCakes118
.exe windows:4 windows x86 arch:x86

0acfc93e6620439224f28237748b7c17

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTempPathA
ExitProcess
GetTickCount
lstrcmpiA
SetFileAttributesA
CopyFileA
GetLastError
CreateMutexA
GetProcAddress
LoadLibraryA
ResumeThread
CreateProcessA
SetThreadPriority
GetCurrentThread
SetPriorityClass
GetCurrentProcess
GetEnvironmentVariableA
DeleteFileA
GetModuleFileNameA
lstrlenA
GetVersionExA
GetModuleHandleA
WinExec
GlobalMemoryStatus
GetSystemDirectoryA
ExitThread
FileTimeToLocalFileTime
FileTimeToSystemTime
CreateThread
GetFileAttributesA
FindClose
lstrcatA
FindFirstFileA
FindNextFileA
lstrcpyA
GetDriveTypeA
Sleep
GetShortPathNameA
GetStartupInfoA

advapi32

SetServiceStatus
CreateServiceA
StartServiceA
RegOpenKeyA
RegSetValueExA
CloseServiceHandle
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerA
OpenSCManagerA
OpenServiceA
DeleteService
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

shell32

ShellExecuteA
SHGetFileInfoA

msvcrt

printf
sprintf
fclose
fread
fseek
_stat
fopen
fwrite
strstr
exit
_except_handler3
atoi
_exit
_XcptFilter
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp

ws2_32

sendto
socket
htons
gethostbyname
inet_addr
closesocket
WSAStartup
inet_ntoa
setsockopt
WSASocketA
recv
WSAGetLastError
htonl
send
WSACleanup
connect

wininet

DeleteUrlCacheEntry

Sections

.data
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0acfc93e6620439224f28237748b7c17

Headers

File Characteristics

Imports

kernel32

advapi32

shell32

msvcrt

ws2_32

wininet

Sections

.data Size: 25KB - Virtual size: 25KB

.rsrc Size: 512B - Virtual size: 16B

.data
Size: 25KB - Virtual size: 25KB

.rsrc
Size: 512B - Virtual size: 16B