397ab4a9667bd3e4a5c7153b913148f9_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

397ab4a9667bd3e4a5c7153b913148f9_JaffaCakes118
Size

26KB
MD5

397ab4a9667bd3e4a5c7153b913148f9
SHA1

21587c5a4c8c72735ce74b9911a30eed0b42277a
SHA256

df3f0309f20a7fe957c17997b2e5c8d2230370d46b3defc44b16e6ec01c8f787
SHA512

da5c4d3f7da765d0959b955e383b678322c90dc0aacbd9736c4f2dee566d1b78a911ab010fde0f8f17afe2b93911a7a3e119e045319ef5eba3ef691bb8a90cdc
SSDEEP

384:t+bQUOvF8bwJDyDnfiNihJW45FhMuPWSGomFjDGnXmwuk2ZB/SlezG6UY8FfnYMm:Y3O4WuPdO5GnXmwaS2G/YNyN2jq9YY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
397ab4a9667bd3e4a5c7153b913148f9_JaffaCakes118

Files

397ab4a9667bd3e4a5c7153b913148f9_JaffaCakes118
.exe windows:4 windows x86 arch:x86

d9dadb834eb0c14aff202d38b47240da

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CreateStreamOnHGlobal
CoTaskMemFree

kernel32

GetVolumeInformationA
GetComputerNameA
GetCurrentDirectoryA
CloseHandle
CreateFileA
CreateFileMappingA
CreateToolhelp32Snapshot
ExitProcess
lstrlenW
FindClose
FindFirstFileA
lstrlenA
lstrcpyA
lstrcmpiA
lstrcatA
WriteFile
WideCharToMultiByte
UnmapViewOfFile
Sleep
ReadFile
Process32Next
Process32First
OpenProcess
MultiByteToWideChar
MapViewOfFile
LocalFree
LocalAlloc
LoadLibraryA
GlobalMemoryStatus
GlobalFree
GlobalAlloc
GetWindowsDirectoryA
GetCurrentProcess
GetVersionExA
GetTempPathA
GetSystemDirectoryA
GetProcAddress
GetPrivateProfileStringA
GetPrivateProfileSectionNamesA
GetPrivateProfileIntA
GetModuleFileNameA
GetLogicalDrives
GetLocaleInfoA
GetLocalTime
GetLastError
GetFileSize
GetDriveTypeA
GetDiskFreeSpaceA
FindNextFileA

user32

GetDC
ReleaseDC
wsprintfA

oleaut32

SafeArrayCreateVector
SafeArrayUnaccessData
SafeArrayAccessData

advapi32

AdjustTokenPrivileges
RegCloseKey
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegOpenKeyA
RegEnumValueA
RegEnumKeyExA
LookupPrivilegeValueA
OpenProcessToken
GetUserNameA

shlwapi

StrStrIA

wsock32

socket
send
recv
gethostname
connect
closesocket
WSAStartup

rasapi32

RasEnumEntriesA
RasGetEntryPropertiesA
RasGetEntryDialParamsA

gdi32

GetDeviceCaps

Sections

.text
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 180KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d9dadb834eb0c14aff202d38b47240da

Headers

File Characteristics

Imports

ole32

kernel32

user32

oleaut32

advapi32

shlwapi

wsock32

rasapi32

gdi32

Sections

.text Size: 18KB - Virtual size: 17KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 3KB - Virtual size: 180KB

.rsrc Size: 1KB - Virtual size: 1KB

.text
Size: 18KB - Virtual size: 17KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 3KB - Virtual size: 180KB

.rsrc
Size: 1KB - Virtual size: 1KB