3c5f0687a58dce27589ab2765d564f36_JaffaCakes118

General

Target

3c5f0687a58dce27589ab2765d564f36_JaffaCakes118
Size

32KB
MD5

3c5f0687a58dce27589ab2765d564f36
SHA1

4af4fa4e39cfea805126bad2ae888e28f0996856
SHA256

19cff741dd8e41f0fa0378039beb76191c1215ef0304dfc8461233ad27221543
SHA512

3dede1ea5d3a530cf7b75b99eb412d6d1960e907c47f0d7b960e73e5a709fa1a67890371226c0995c975f3e89f6f14d4a88ce83d410cfdb3381b45c6356c4744
SSDEEP

384:TCVL3m+xH15yEC7/9Jr12hk34p59zLQNJM8HGV2hS+9izJ4TZ88hFM81:mVZHDg7tw64pkvGV2Lo942Wt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3c5f0687a58dce27589ab2765d564f36_JaffaCakes118

Files

3c5f0687a58dce27589ab2765d564f36_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f794633d19d39aee3b926e0161cfcb02

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WinExec
FindClose
FindFirstFileA
GetTickCount
GetProcAddress
LoadLibraryA
ResumeThread
SetThreadPriority
GetCurrentThread
SetPriorityClass
lstrcatA
GetEnvironmentVariableA
GetShortPathNameA
GetModuleFileNameA
SetFileAttributesA
GetSystemDirectoryA
GetLastError
FreeLibrary
GetVersionExA
GetModuleHandleA
ExitThread
ExitProcess
GetTempPathA
DeleteFileA
CreateProcessA
CreateThread
GetCurrentProcess
Sleep
GlobalMemoryStatus
GetComputerNameA
lstrlenA
lstrcpyA
CopyFileA
GetStartupInfoA

user32

wsprintfA
ExitWindowsEx

advapi32

OpenServiceA
RegOpenKeyA
CloseServiceHandle
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerA
SetServiceStatus
OpenSCManagerA
DeleteService
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken
RegCreateKeyA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
CreateServiceA
StartServiceA

shell32

ShellExecuteA

msvcrt

_controlfp
printf
sprintf
rand
strstr
srand
time
strncpy
strcspn
exit
_except_handler3
malloc
_exit
_XcptFilter
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type

ws2_32

setsockopt
connect
socket
inet_addr
htons
send
WSAGetLastError
gethostbyname
gethostname
sendto
WSASocketA
inet_ntoa
htonl
WSAStartup
recv
closesocket
WSACleanup

wininet

DeleteUrlCacheEntry

Sections

.data
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f794633d19d39aee3b926e0161cfcb02

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

msvcrt

ws2_32

wininet

Sections

.data Size: 30KB - Virtual size: 30KB

.rsrc Size: 512B - Virtual size: 16B

.data
Size: 30KB - Virtual size: 30KB

.rsrc
Size: 512B - Virtual size: 16B