532f798fe6c66eab33258b0f0451826e_JaffaCakes118

General

Target

532f798fe6c66eab33258b0f0451826e_JaffaCakes118
Size

96KB
MD5

532f798fe6c66eab33258b0f0451826e
SHA1

9aa0f8b76649583343a307a4ccbdae26ab6e0d13
SHA256

cf880ad15b38faf97af44063945da6b8eca4f78624b799b595e73d653ca829e3
SHA512

a866589c1a188151fa11fd2a3c39e05a1951ce984e80589fa5d44e30d50c0bd852ba37fc523915d2ce1e0cd611776a0b26333fafaa870dc675f9c20c40930c86
SSDEEP

1536:W9JGlcQQ/mw4syoqCM8UB6dHGO8+3tjgHJ2+y+s+rRJWicMgwqQB+L:W9glcfmw4syGpUsdHGOh3tsH4ms6JWi8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
532f798fe6c66eab33258b0f0451826e_JaffaCakes118

Files

532f798fe6c66eab33258b0f0451826e_JaffaCakes118
.exe .vbs windows:4 windows x86 arch:x86 polyglot

bc7f91f1c80f9709c657ae24bb6bf6fb

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileA
GetSystemDirectoryA
WriteFile
lstrcpynA
DeleteFileA
WinExec
CopyFileA
GetTempFileNameA
GetTempPathA
ReadFile
SetFilePointer
lstrcatA
SetFileAttributesA
CreateDirectoryA
lstrcpyA
FindNextFileA
ReleaseMutex
WaitForSingleObject
lstrcmpiA
lstrcmpA
GetEnvironmentVariableA
GetDiskFreeSpaceA
GetProcAddress
GetModuleHandleA
Sleep
MoveFileA
SetFileTime
GetFileSize
GetFileTime
GetWindowsDirectoryA
GetVersion
GetComputerNameA
GetSystemTime
VirtualFree
VirtualAlloc
FileTimeToSystemTime
SetEndOfFile
SystemTimeToFileTime
ExitProcess
ReleaseSemaphore
OpenSemaphoreA
CreateMutexA
SetCurrentDirectoryA
CreateProcessA
CreateSemaphoreA
CreateThread
DeviceIoControl
HeapFree
HeapAlloc
GetProcessHeap
GetDriveTypeA
GetLogicalDrives
GetLogicalDriveStringsA
OpenProcess
TerminateProcess
CloseHandle
FindFirstFileA
FindClose
GetModuleFileNameA
GetLastError
lstrlenA

user32

CharLowerBuffA
DialogBoxParamA
DefWindowProcA
SetTimer
ShowWindow
PostQuitMessage
KillTimer
EndDialog
wsprintfA

advapi32

RegCreateKeyA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

ole32

CoInitialize
CoUninitialize

msvcrt

memmove
_stricmp
_strcmpi
isdigit
strrchr
__CxxFrameHandler
atoi
_strlwr

psapi

GetModuleFileNameExA
EnumProcessModules

ws2_32

gethostbyname
WSAStartup
WSACleanup
inet_addr

Sections

.data
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 232B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bc7f91f1c80f9709c657ae24bb6bf6fb

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

msvcrt

psapi

ws2_32

Sections

.data Size: 30KB - Virtual size: 30KB

.rsrc Size: 512B - Virtual size: 232B

.data
Size: 30KB - Virtual size: 30KB

.rsrc
Size: 512B - Virtual size: 232B