142bcfcb646442c1dec2a2aef12ed5fb_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

142bcfcb646442c1dec2a2aef12ed5fb_JaffaCakes118
Size

34KB
MD5

142bcfcb646442c1dec2a2aef12ed5fb
SHA1

0dac51e9066765dcdfe53fc46ba1b5bafe5dc667
SHA256

a144e8f757089fa3188cf5b646f3845b80a3be6081b91bd105f55b914bee7051
SHA512

64b042a4630968a1a8b47f1aead12efb599c40f791235fb975522a1a31113dd7de84b73b2806a017ea9fc697ec5cd57ca58d1820d5be47e50c8280d6d886c9f7
SSDEEP

768:8aqT7UQaibpPBvW642WN/WSxE1AKBBJ8aZg/l9Jb2z:6T7phsP20PE24BilP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
142bcfcb646442c1dec2a2aef12ed5fb_JaffaCakes118

Files

142bcfcb646442c1dec2a2aef12ed5fb_JaffaCakes118
.exe windows:4 windows x86 arch:x86

ede18639cc316b39f2b5e3f969bf4625

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

gethostbyname
WSAStartup
ioctlsocket
WSACleanup

shlwapi

SHDeleteKeyA

kernel32

lstrcatA
WritePrivateProfileStringA
GetPrivateProfileSectionNamesA
GetProcAddress
LoadLibraryA
GetFileAttributesA
Sleep
UnmapViewOfFile
DeleteFileA
WinExec
lstrcmpA
FreeLibrary
lstrcpynA
GetTickCount
GetCurrentThreadId
CloseHandle
PulseEvent
OpenEventA
MapViewOfFileEx
CreateFileMappingA
VirtualAlloc
VirtualFree
VirtualProtect
SetThreadContext
FlushInstructionCache
VirtualProtectEx
GetThreadContext
GetExitCodeThread
ResumeThread
OpenProcess
CreateProcessA
SetLastError
GetVersionExA
VirtualAllocEx
IsBadReadPtr
GetModuleHandleA
OpenFile
CreateEventA
WaitForSingleObject
SetFileTime
GetFileTime
CreateFileA
GetSystemDirectoryA
GetTempPathA
GetWindowsDirectoryA
CreateThread
CopyFileA
GetTempFileNameA
GetFileSize
MapViewOfFile
RemoveDirectoryA
ExitProcess
SetEvent
ExitThread
ResetEvent
WaitForSingleObjectEx
GetModuleFileNameA
GetCurrentProcessId
OutputDebugStringA
GetCurrentProcess
HeapAlloc
lstrlenA
HeapReAlloc
GetLastError
lstrcpyA
HeapFree
GetProcessHeap
lstrcmpiA
DuplicateHandle

user32

TranslateMessage
wsprintfA
wvsprintfA
GetMessageA
GetDesktopWindow
DispatchMessageA
MessageBoxA

advapi32

RegQueryValueExA
RegDeleteValueA
RegCreateKeyExA
RegEnumValueA
RegEnumKeyExA
RegOpenKeyExA
RegQueryInfoKeyA
RegSetValueExA
GetTokenInformation
OpenProcessToken
AdjustTokenPrivileges
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegCloseKey

shell32

ShellExecuteA
SHGetSpecialFolderPathA

wininet

FindNextUrlCacheEntryA
FindFirstUrlCacheEntryA
FindCloseUrlCache

Exports

Exports

__r@4
__w@4
_s

Sections

.text
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ede18639cc316b39f2b5e3f969bf4625

Headers

File Characteristics

Imports

wsock32

shlwapi

kernel32

user32

advapi32

shell32

wininet

Exports

Exports

Sections

.text Size: 30KB - Virtual size: 29KB

.reloc Size: 3KB - Virtual size: 2KB

Size: 512B - Virtual size: 4KB

.text
Size: 30KB - Virtual size: 29KB

.reloc
Size: 3KB - Virtual size: 2KB