Static task: static1
Behavioral task: behavioral1
Sample: 26ebabd5d53436f9d25637230b73cd2e_JaffaCakes118.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: 26ebabd5d53436f9d25637230b73cd2e_JaffaCakes118.exe
Resource: win10v2004-20241007-en
General
Target: 26ebabd5d53436f9d25637230b73cd2e_JaffaCakes118
Size: 112KB
MD5: 26ebabd5d53436f9d25637230b73cd2e
SHA1: 60f25fe48ee43e11396f23649b4aec7509f3fcd1
SHA256: ed53b78f2569f1b138fd6efd917090336bd717791c5f3fdc010d2dbae6528dca
SHA512: ca87fee83a035c79113af021e2ae07bce8c182aa08401995516f4ff9789169fac2c1e0048da32929d7a53e681e37803343607b539b6bdc3b73039f6e1762ef5e
SSDEEP: 1536:xDHnTqa6ZvcoWIUVgTTcF4PxL76i1POD7n6oZ5:xL2TcoWhNwB7LODuoZ5
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 26ebabd5d53436f9d25637230b73cd2e_JaffaCakes118
Files
26ebabd5d53436f9d25637230b73cd2e_JaffaCakes118.exe windows:4 windows x86 arch:x86
d2d8619fbd188db05429cab2f375be1e
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
OpenProcess
Process32First
CreateToolhelp32Snapshot
WriteFile
CreateFileA
GetWindowsDirectoryA
TerminateProcess
LockResource
LoadResource
FindResourceA
GetModuleHandleA
GetComputerNameA
Process32Next
Sleep
GetLastError
GetProcessHeap
HeapAlloc
HeapFree
SizeofResource
CloseHandle
FlushFileBuffers
GetStringTypeW
RtlUnwind
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
HeapDestroy
HeapCreate
VirtualFree
SetFilePointer
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadWritePtr
IsBadCodePtr
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
GetProcAddress
LoadLibraryA
SetStdHandle
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
advapi32
RegOpenKeyA
RegSetValueExA
RegCloseKey
OpenProcessToken
GetTokenInformation
LookupAccountSidA
GetUserNameA
shell32
ShellExecuteA
ws2_32
send
recv
WSAResetEvent
WSAWaitForMultipleEvents
WSAEventSelect
WSACreateEvent
WSAStartup
htons
closesocket
getsockname
connect
gethostbyname
bind
socket
inet_ntoa
WSACleanup
Sections
.text Size: 32KB - Virtual size: 28KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 64KB - Virtual size: 60KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ