2b647b10b8e8b8ed26235a388d4500f3_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

2b647b10b8e8b8ed26235a388d4500f3_JaffaCakes118
Size

17KB
MD5

2b647b10b8e8b8ed26235a388d4500f3
SHA1

db5e75da4d6ad0c5758f3ec2e35e7211eb79b9b4
SHA256

d306666e880b380362332e92b9cd10ff2b25ee76ea44aa45b3c60169e4566112
SHA512

75ca672ee84948fd6bd0ae68700f1920fd5ccd9e6cd72c916fe6b5de28ac42f44bbf38bff3330e38835dd482004d81a206ed26fc50de6e4272763a7aba24b89a
SSDEEP

384:nK1LT1AUlZOfG0YFSJfzQYht3cJ8kvre54cZ4XYWWZf:KEgZOflJ5zQYbMOkzeGcqXYxf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2b647b10b8e8b8ed26235a388d4500f3_JaffaCakes118

Files

2b647b10b8e8b8ed26235a388d4500f3_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b14f6268f7818fcc0e55cea90d6e13b4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetSystemInfo
Sleep
TerminateProcess
InitializeCriticalSection
ExitProcess
MoveFileA
GetModuleFileNameA
DeleteFileA
lstrcatA
GlobalMemoryStatusEx
QueryPerformanceCounter
QueryPerformanceFrequency
SetThreadPriority
SetPriorityClass
GetThreadPriority
GetCurrentThread
GetPriorityClass
GetCurrentProcess
lstrcpynA
EnterCriticalSection
GetVersionExA
lstrcpyW
GetTempPathA
CopyFileA
GetSystemDirectoryA
FreeResource
SizeofResource
LoadResource
FindResourceA
CreateFileA
Process32Next
lstrcmpiA
Process32First
CreateToolhelp32Snapshot
GetLastError
CreateRemoteThread
WriteProcessMemory
VirtualAllocEx
OpenProcess
GetCurrentProcessId
GetTickCount
TerminateThread
ExitThread
lstrcpyA
WriteFile
PeekNamedPipe
SleepEx
ReadFile
lstrlenA
ExpandEnvironmentStringsA
GetFileAttributesA
CreatePipe
GetStartupInfoA
CreateProcessA
CreateThread
LeaveCriticalSection
CloseHandle

user32

ExitWindowsEx
wsprintfA

advapi32

StartServiceCtrlDispatcherA
RegDeleteValueA
RegQueryValueExA
RegOpenKeyA
RegisterServiceCtrlHandlerA
SetServiceStatus
CloseServiceHandle
DeleteService
OpenServiceA
OpenSCManagerA
StartServiceA
RegSetValueExA
CreateServiceA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegCloseKey

msvcrt

_except_handler3
memset
??2@YAPAXI@Z
memcpy
rand
srand
time
atoi
wcstombs
__CxxFrameHandler
??3@YAXPAX@Z

ws2_32

gethostbyname
inet_ntoa
WSAStartup
htonl
WSASocketA
socket
sendto
recv
send
htons
gethostname
inet_addr
connect
closesocket
setsockopt

wininet

InternetOpenA
InternetConnectA
HttpOpenRequestA
HttpSendRequestA
InternetReadFile
HttpEndRequestA
InternetCloseHandle
InternetOpenUrlA

netapi32

NetUserAdd
NetLocalGroupAddMembers

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b14f6268f7818fcc0e55cea90d6e13b4

Headers

File Characteristics

Imports

kernel32

user32

advapi32

msvcrt

ws2_32

wininet

netapi32

Sections

.text Size: 11KB - Virtual size: 10KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 1024B - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.text
Size: 11KB - Virtual size: 10KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 1024B - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB