171c6b0d579243fd09cadc24fd09f58d_JaffaCakes118

General

Target

171c6b0d579243fd09cadc24fd09f58d_JaffaCakes118
Size

28KB
MD5

171c6b0d579243fd09cadc24fd09f58d
SHA1

55ba285e1e896a97c172bc49ca60f021cc8caf37
SHA256

02b8b36ce54c2824ebbee3d6571e06960730e35a71bdd65b5e76cbeff5d3e954
SHA512

727690dbccaf682168971e26930c58837c241c2420bb660f84ed25639f2e0b02a03fd11f8fb0f3996e1f549075b644084212426bc5a5ef4a4dc62826bdfb00cd
SSDEEP

384:m20MRCReKRq2ZRbzyUgmNcGuABWRMnuLt:vTqeKg2ZRbzyUgmeGtURMn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
171c6b0d579243fd09cadc24fd09f58d_JaffaCakes118

Files

171c6b0d579243fd09cadc24fd09f58d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b06435e88232cde7cd0ff95f38ab3509

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

InternetReadFile
InternetOpenA
InternetCloseHandle
HttpOpenRequestA
HttpSendRequestA
HttpQueryInfoA
InternetErrorDlg
InternetConnectA

advapi32

SetSecurityDescriptorDacl
RegOpenKeyA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
GetUserNameA
InitializeSecurityDescriptor

user32

PostThreadMessageA
GetDesktopWindow
GetMessageA

msvcrt

fclose
_filbuf
fopen
strrchr
sprintf
_sleep
strlen
fwrite
fprintf
strtok
free
strstr
atoi
_strupr
_strnicmp
fscanf
strcat
strncpy
memset
_snprintf
realloc
malloc
fflush
_filelength
_strdup
_exit
_XcptFilter
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
strcpy
strcmp
exit
strncmp
memcpy

iphlpapi

GetAdaptersInfo

ws2_32

inet_ntoa
gethostbyname
WSAStartup
WSACleanup
gethostname

shell32

DoEnvironmentSubstA

shlwapi

PathFileExistsA

psapi

EnumProcessModules
GetModuleBaseNameA
EnumProcesses

kernel32

GetComputerNameA
CreateProcessA
GetVersionExA
DeleteFileA
SetFileAttributesA
GetModuleHandleA
GetStartupInfoA
GetLastError
OpenProcess
CreateFileA
DeviceIoControl
CloseHandle
GetModuleFileNameA
GetCurrentThreadId
Sleep
CreateMutexA

Sections

.text
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b06435e88232cde7cd0ff95f38ab3509

Headers

File Characteristics

Imports

wininet

advapi32

user32

msvcrt

iphlpapi

ws2_32

shell32

shlwapi

psapi

kernel32

Sections

.text Size: 12KB - Virtual size: 9KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 8KB - Virtual size: 9KB

.text
Size: 12KB - Virtual size: 9KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 8KB - Virtual size: 9KB