525ab390200dcf02fb26587d22607e57_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

525ab390200dcf02fb26587d22607e57_JaffaCakes118
Size

160KB
MD5

525ab390200dcf02fb26587d22607e57
SHA1

5e8c2e4e59cd2c18c616b093af328420ab922389
SHA256

e1dba104d3245f980246b962e1a4d06526f6b0c6be186ac5e8099ba357acfdfc
SHA512

adcae1e53ae9a0539f8936d40731a12ff9dfde394ace76c8e1160eacdb8a561c463f1edf25fc870961a895d223928f3298cd8c2fb5865836fbc6424a77d8eede
SSDEEP

3072:BfOu4OFUj5r6C6jSHqtAPiPsBBolUZceJEolsb2xB7:BmjOFy5r6jSD6PKKasbwx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
525ab390200dcf02fb26587d22607e57_JaffaCakes118

Files

525ab390200dcf02fb26587d22607e57_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a9dee087cc2de1ea93c8727bec6f41f8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

lz32

LZRead
LZSeek
LZOpenFileA
LZClose

kernel32

CloseHandle
CreateFileA
MoveFileExA
GetVersionExA
WritePrivateProfileStringA
SetFilePointer
ReadFile
GetWindowsDirectoryA
GetShortPathNameA
GetFileAttributesA
DeleteFileA
FindClose
lstrcpynA
WriteFile
RemoveDirectoryA
CreateDirectoryA
GetFileSize
GetModuleFileNameA
GetTempFileNameA
GetTempPathA
Sleep
GlobalMemoryStatus
GetTickCount
GetLastError
FindNextFileA
FindFirstFileA
lstrcpyA
CreateProcessA
CopyFileA
GetPrivateProfileStringA
CreateThread
WaitForSingleObject
InitializeCriticalSection
DeleteCriticalSection
SetLastError
LeaveCriticalSection
EnterCriticalSection
LocalFree
FormatMessageA
GetSystemDirectoryA
InterlockedIncrement
InterlockedDecrement
GlobalFree
GlobalAlloc
GetModuleHandleA
GetProcAddress
LoadLibraryA
FreeLibrary
OutputDebugStringA
CreateEventA
ResetEvent
SetEvent
GetLocalTime
SearchPathA
GlobalUnlock
GlobalLock
GetDiskFreeSpaceA
lstrcatA
WinExec
lstrlenA
GetExitCodeProcess
lstrcmpiA
SetHandleCount
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
LCMapStringW
LCMapStringA
GetEnvironmentStringsW
GetStdHandle
MultiByteToWideChar
GetOEMCP
GetACP
GetCPInfo
TlsGetValue
TlsAlloc
TlsSetValue
GetCurrentThreadId
HeapAlloc
CompareStringW
GetFileType
ExitProcess
GetVersion
GetCommandLineA
GetStartupInfoA
RtlUnwind
GetSystemTime
GetTimeZoneInformation
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
HeapReAlloc
HeapFree
FlushFileBuffers
SetStdHandle
SetEnvironmentVariableA
HeapSize
CompareStringA
WideCharToMultiByte
VirtualAlloc
SetEndOfFile
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
GetStringTypeW
GetStringTypeA
IsBadWritePtr

user32

GetMessageA
wsprintfA
GetCursorPos
MessageBoxA
TranslateMessage
DispatchMessageA
GetClassInfoExA
UpdateWindow
wvsprintfA
GetDesktopWindow
PeekMessageA
RegisterWindowMessageA
FindWindowA
IsWindowVisible
PostMessageA
PostQuitMessage
KillTimer
DestroyWindow
GetWindowTextLengthA
SendMessageA
SetTimer
GetPropA
SetPropA
DefWindowProcA
LoadIconA
LoadCursorA
RegisterClassExA
CreateWindowExA
IsWindow
ShowWindow
SetWindowPos
GetWindowTextA

advapi32

RegCloseKey
RegEnumValueA
RegEnumKeyExA
RegEnumKeyA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
RegDeleteKeyA
RegQueryValueExA
RegDeleteValueA

ole32

CoCreateGuid

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

wsock32

recv
socket
inet_ntoa
bind
ioctlsocket
htons
connect
send
closesocket
WSAAsyncGetHostByName
inet_addr
WSACancelAsyncRequest
WSAStartup
WSACleanup
WSAGetLastError
__WSAFDIsSet
select
getsockopt

Sections

.text
Size: 112KB - Virtual size: 109KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 528B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a9dee087cc2de1ea93c8727bec6f41f8

Headers

File Characteristics

Imports

lz32

kernel32

user32

advapi32

ole32

version

wsock32

Sections

.text Size: 112KB - Virtual size: 109KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 32KB - Virtual size: 46KB

.rsrc Size: 4KB - Virtual size: 528B

.text
Size: 112KB - Virtual size: 109KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 32KB - Virtual size: 46KB

.rsrc
Size: 4KB - Virtual size: 528B