40c813affad5d0badbc79869af6bf229_JaffaCakes118

General

Target

40c813affad5d0badbc79869af6bf229_JaffaCakes118
Size

256KB
MD5

40c813affad5d0badbc79869af6bf229
SHA1

4cedee241e8b5a7946a4330e82194e4c91b3d679
SHA256

cbc86f62729c13aad8ce2b3cb360fb2bf61b169dcae8dae5a788aa68178c31a5
SHA512

7bef5b118c31c8ac291eec99920e496341274af80c61bd10c9b172c608cfbdf28536e9ddee9283f2c5a67aed062f4fb2157bc97c561a603492746db3821fbd82
SSDEEP

1536:oKdXswvzODZnSQ4/vFGNQwUVrlezksB2jKZwAuEcBkV3iB:oKZnvOZOlHjVrlezMKZwAu3k8B

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
40c813affad5d0badbc79869af6bf229_JaffaCakes118

Files

40c813affad5d0badbc79869af6bf229_JaffaCakes118
.exe windows:4 windows x86 arch:x86

4ae3ba07078200e486291259d014a5a2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
WriteFile
CreateFileA
Sleep
CopyFileA
MultiByteToWideChar
GetModuleHandleA
CreateMutexA
WideCharToMultiByte
CreateThread
GetSystemDirectoryA
TerminateThread
GetTempPathA
GetModuleFileNameA
ExpandEnvironmentStringsA
CreateProcessA
GetLastError
GetTickCount
GetLocaleInfoA
LCMapStringW
LCMapStringA
ReadFile
SetStdHandle
GetCPInfo
GetOEMCP
GetACP
GetStringTypeW
GetStringTypeA
HeapSize
GetSystemInfo
VirtualProtect
VirtualQuery
InterlockedExchange
RtlUnwind
LoadLibraryA
SetFilePointer
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetStdHandle
FlushFileBuffers
HeapReAlloc
VirtualAlloc
ExitProcess
GetProcAddress
TerminateProcess
GetCurrentProcess
HeapAlloc
GetStartupInfoA
GetCommandLineA
GetVersionExA
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapDestroy
HeapCreate
VirtualFree
HeapFree

advapi32

RegCreateKeyExA
RegSetValueExA
RegCloseKey
RegDeleteValueA

shell32

ShellExecuteA

ws2_32

recv
inet_ntoa
WSACleanup
WSAStartup
inet_addr
gethostbyname
socket
htons
ioctlsocket
connect
select
closesocket
send
getsockname

wininet

InternetCloseHandle
InternetReadFile
InternetOpenUrlA
InternetOpenA

mpr

WNetAddConnection2A
WNetCancelConnection2A

netapi32

NetScheduleJobAdd
NetRemoteTOD
NetUserEnum
NetApiBufferFree

Sections

Size: 252KB - Virtual size: 252KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

4ae3ba07078200e486291259d014a5a2

Headers

File Characteristics

Imports

kernel32

advapi32

shell32

ws2_32

wininet

mpr

netapi32

Sections

Size: 252KB - Virtual size: 252KB