370947e6c802d21a732ac0cc024c4fcf_JaffaCakes118

General

Target

370947e6c802d21a732ac0cc024c4fcf_JaffaCakes118
Size

40KB
MD5

370947e6c802d21a732ac0cc024c4fcf
SHA1

8a7f770034cd4c85495a4123958d9c04a9b411dd
SHA256

58845976c253fe90e980d46a3e6702494db9dcf46b868ba6f5b7dfdec59cc594
SHA512

1ae8f952ea9d5a2e1c27165f7d35651e317d5b0c6cdb66163ec8fa116434ec17b412d922c879deae93ee6975ae3ab0a395c9260b24b5730505e3ccc04e7ea918
SSDEEP

768:vw3IW0NLNlkOVQVPeiAbE/pVzEq+aJe1mgawzxsUNCub8PC1jIHxATVGurwYCh:I3XyLNlkOaBmApR1+aJe1mgawzxsBubs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
370947e6c802d21a732ac0cc024c4fcf_JaffaCakes118

Files

370947e6c802d21a732ac0cc024c4fcf_JaffaCakes118
.exe windows:4 windows x86 arch:x86

441ae34d926ac3538c8403dd2b5e6f60

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileA
LocalAlloc
Sleep
CreateThread
CreateMutexA
CopyFileW
GetFileSize
CreateProcessA
GetEnvironmentVariableW
GetShortPathNameW
GetStartupInfoA
GetModuleHandleA
ReadFile
LocalFree
GetLastError
GetModuleFileNameW
CloseHandle

user32

SendMessageA
FindWindowExA

advapi32

RegQueryValueExA
RegCloseKey
RegSetValueExW
RegOpenKeyExA

shell32

SHGetSpecialFolderPathW
ShellExecuteW

msvcrt

_controlfp
_except_handler3
__set_app_type
__CxxFrameHandler
strlen
sprintf
memset
memcpy
strcpy
strcat
_mbsnbcpy
_mbsnbcmp
atol
_mbscmp
atoi
fclose
fwrite
fopen
strstr
wcslen
wcstombs
setlocale
wcscmp
wcscat
mbstowcs
wcsrchr
wcscpy
getenv
strcmp
free
__dllonexit
_onexit
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
_strnicmp

wininet

HttpAddRequestHeadersA
HttpOpenRequestA
HttpEndRequestA
InternetWriteFile
HttpSendRequestA
InternetReadFile
HttpQueryInfoA
InternetAttemptConnect
InternetCloseHandle
InternetConnectA
InternetOpenA
HttpSendRequestExA

ws2_32

gethostbyname
inet_ntoa
WSAStartup
gethostname

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 3.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

441ae34d926ac3538c8403dd2b5e6f60

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

msvcrt

wininet

ws2_32

Sections

.text Size: 9KB - Virtual size: 9KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 1KB - Virtual size: 3.8MB

.rsrc Size: 24KB - Virtual size: 24KB

.text
Size: 9KB - Virtual size: 9KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 1KB - Virtual size: 3.8MB

.rsrc
Size: 24KB - Virtual size: 24KB