17683ae28071b138dda80a3e58cd0352_JaffaCakes118

General

Target

17683ae28071b138dda80a3e58cd0352_JaffaCakes118
Size

12.0MB
MD5

17683ae28071b138dda80a3e58cd0352
SHA1

6f392a2462e66a41adb349451faba8b170f8436e
SHA256

f6075847299c315b258eb6488575929e9ecd570f73dc130eed51ad8e9674a88f
SHA512

3afe0f7767fd27b6aeaa81be624192ad590ec27da0b9650494e118094687b980d6c98c4b3ebe0d427e84ebcd8c565617c00548f31f0e2eea35efe76391d96b46
SSDEEP

768:pN6ZSbmAfgn8taVmhbatYgFZ8veGb3FHZ4Wx:H6kKAf3ta1Z8GGbRZnx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
17683ae28071b138dda80a3e58cd0352_JaffaCakes118

Files

17683ae28071b138dda80a3e58cd0352_JaffaCakes118
.exe .vbs windows:4 windows x86 arch:x86 polyglot

df1fb1afa654ee32bc97959a5894cc02

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WinExec
lstrcmpiA
lstrcpyA
WritePrivateProfileStringA
GetFileAttributesA
LoadLibraryA
lstrcatA
GetPrivateProfileStringA
GlobalUnlock
GlobalLock
GlobalAlloc
GetWindowsDirectoryA
CloseHandle
WriteFile
CreateFileA
GetProcAddress
ExitProcess
GetCurrentProcess
Sleep
GetShortPathNameA
CreateDirectoryA
GetCommandLineA
lstrlenA
SetFilePointer
SetFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
CreateThread
FreeLibrary
GetTickCount
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
DeleteFileA
MoveFileExA
GetSystemDirectoryA

user32

GetWindowTextA
GetWindowLongA
MessageBoxA
wsprintfA
GetMessageA
TranslateMessage
IsWindow
OpenClipboard
EmptyClipboard
CloseClipboard
SetClipboardData
keybd_event
VkKeyScanA
DispatchMessageA
GetForegroundWindow
GetClassNameA

advapi32

OpenProcessToken
LookupPrivilegeValueA

shell32

SHGetSpecialFolderPathA

msvcrt

strstr
srand
rand
??2@YAPAXI@Z
_strlwr

ws2_32

socket
WSAStartup
WSACleanup
gethostbyname
gethostname
htons
connect

netapi32

Netbios

Sections

.text
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

df1fb1afa654ee32bc97959a5894cc02

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

msvcrt

ws2_32

netapi32

Sections

.text Size: 32KB - Virtual size: 32KB

.rsrc Size: 8KB - Virtual size: 8KB

.text
Size: 32KB - Virtual size: 32KB

.rsrc
Size: 8KB - Virtual size: 8KB