433c5956e627df1f9388b948b273c707_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

433c5956e627df1f9388b948b273c707_JaffaCakes118
Size

57KB
MD5

433c5956e627df1f9388b948b273c707
SHA1

8f2a5aed63d88f0150c036239b150e3170e66a6c
SHA256

2fba093d25a22d28b15931678840757de87ff8e78b4bdba3d56aa91481747854
SHA512

912eaae64d8f271e2fbccc066629c0fa76df74c531993b9d121d8a1f9af0ce2eb60ddbb092cd51d2f3bdb2d14bba3c69b87e8e52f92f04f33dee5e6aafa240a7
SSDEEP

768:rfKjftVrfuCipQkaO1myh4YGc85PhAK/fCf8WAAIWa/5wRqhsxPY:+xV6VQkaDy8cVKCf8WAAIz/5wGl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
433c5956e627df1f9388b948b273c707_JaffaCakes118

Files

433c5956e627df1f9388b948b273c707_JaffaCakes118
.exe windows:4 windows x86 arch:x86

beb0df7034bdb91e6a02296407bb8785

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetErrorMode
GetModuleFileNameA
ExitProcess
GetLastError
CreateMutexA
lstrcmpiA
Process32Next
OpenEventA
GetVersionExA
OpenProcess
GetCurrentThreadId
WriteFile
CreateFileA
GetStartupInfoA
GetModuleHandleA
Process32First
ReleaseMutex
GetSystemInfo
GlobalMemoryStatus
lstrcatA
GetProcessHeap
GetProcAddress
HeapAlloc
HeapFree
GetTickCount
TerminateThread
CreateProcessA
lstrlenA
Sleep
CancelIo
SetEvent
lstrcpyA
ResetEvent
CloseHandle
CreateEventA
VirtualAlloc
LeaveCriticalSection
VirtualFree
LoadLibraryA
CreateToolhelp32Snapshot

user32

CloseDesktop
SetThreadDesktop
OpenInputDesktop
GetUserObjectInformationA
GetThreadDesktop
OpenDesktopA
PostMessageA
wsprintfA
SetProcessWindowStation
OpenWindowStationA
GetProcessWindowStation

advapi32

RegOpenKeyA
RegEnumValueA
AllocateAndInitializeSid
GetLengthSid
InitializeAcl
AddAccessAllowedAce
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegSetKeySecurity
FreeSid
RegOpenKeyExA
RegQueryValueA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
RegQueryValueExA
RegDeleteValueA
RegDeleteKeyA
LookupAccountSidA
GetTokenInformation
OpenProcessToken
RegEnumKeyExA

msvcrt

_XcptFilter
_strnicmp
_controlfp
__set_app_type
__p__fmode
??3@YAXPAX@Z
memcpy
memmove
ceil
_ftol
strlen
strstr
__CxxFrameHandler
memset
??2@YAPAXI@Z
memcmp
strrchr
malloc
_CxxThrowException
rand
exit
_except_handler3
strcat
strncat
strchr
strcpy
realloc
atoi
_beginthreadex
calloc
free
??1type_info@@UAE@XZ
_exit
_strcmpi
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode

ws2_32

getsockname
recv
send
select
closesocket
ntohs
socket
connect
htons
gethostbyname
gethostname

wininet

InternetReadFile
InternetCloseHandle

avicap32

capGetDriverDescriptionA

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationA

Sections

.text
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

beb0df7034bdb91e6a02296407bb8785

Headers

File Characteristics

Imports

kernel32

user32

advapi32

msvcrt

ws2_32

wininet

avicap32

wtsapi32

Sections

.text Size: 41KB - Virtual size: 41KB

.rdata Size: 7KB - Virtual size: 7KB

.data Size: 7KB - Virtual size: 7KB

.rsrc Size: 512B - Virtual size: 16B

.text
Size: 41KB - Virtual size: 41KB

.rdata
Size: 7KB - Virtual size: 7KB

.data
Size: 7KB - Virtual size: 7KB

.rsrc
Size: 512B - Virtual size: 16B