557b11705d3e7d7be392d700f404ae4a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

557b11705d3e7d7be392d700f404ae4a_JaffaCakes118
Size

50KB
MD5

557b11705d3e7d7be392d700f404ae4a
SHA1

8b369038604e2177576004fec000b6b37adf8725
SHA256

5da162bf64a81a7f8e3ec46f87a00b807a08841ec410d8665702afcc9732f218
SHA512

e92d230600bffd69fe79731e06452587a953e0c349cd53267eff1ef2fbda818746a6796cf72ebdb906347e70400f9dbd75c2842493ed009a9a22ff9702fd3710
SSDEEP

768:OJj+ASmr7RYJ6UlXXjNuD+o7LAP+R/tN99:8+7m/Rk6UFXYCo7L42N

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
557b11705d3e7d7be392d700f404ae4a_JaffaCakes118

Files

557b11705d3e7d7be392d700f404ae4a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

ad7f4ce74ba8c5eb07b933473ad04a11

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVersionExA
GetSystemInfo
GlobalMemoryStatus
DeleteFileA
Sleep
ReadFile
GetFileSize
GetFileAttributesA
TerminateProcess
OpenProcess
FindClose
FindNextFileA
FindFirstFileA
lstrcmpA
lstrlenA
CreateMutexA
GetLastError
CreateThread
ExitProcess
GetTickCount
GetModuleFileNameA
GetWindowsDirectoryA
SetCurrentDirectoryA
CopyFileA
SetFileAttributesA
CreateFileA
WriteFile
CloseHandle
GetModuleHandleA
lstrcmpiA

user32

DefWindowProcA
SetWindowsHookExA
SetKeyboardState
SetTimer
LoadCursorA
wsprintfA
GetWindowTextA
GetForegroundWindow
GetDesktopWindow
IsWindow
UnhookWindowsHookEx
SendMessageA
DestroyWindow
CallNextHookEx
GetActiveWindow
GetKeyNameTextA
GetKeyboardState
LoadIconA
ShowWindow
CreateWindowExA
MoveWindow
ToAscii
CloseWindow
PostQuitMessage
RegisterClassExA
DispatchMessageA
TranslateMessage
GetMessageA

gdi32

GetDeviceCaps
CreateCompatibleDC
DeleteDC
CreateDIBSection
SelectObject
BitBlt
GetDIBColorTable
CreateDCA
DeleteObject

advapi32

RegCloseKey
RegCreateKeyExA
RegSetValueExA

shell32

ShellExecuteA

odbc32

ord41
ord24
ord75
ord11
ord31
ord9

msvcrt

??2@YAPAXI@Z
??3@YAXPAX@Z
strlen
malloc
free
strncat
srand
rand
strncpy
atoi
atol
sprintf
strtok
strstr
strcpy
memset
strcat
memcpy

wininet

InternetGetConnectedState

ws2_32

getsockname
inet_ntoa
gethostbyaddr
htonl
sendto
WSAGetLastError
accept
listen
bind
select
__WSAFDIsSet
send
closesocket
socket
setsockopt
WSAAsyncSelect
htons
inet_addr
gethostbyname
connect
WSAStartup
WSACleanup
ioctlsocket
recv

avicap32

capGetDriverDescriptionA
capCreateCaptureWindowA

mpr

WNetEnumResourceA
WNetOpenEnumA
WNetCloseEnum

psapi

GetModuleBaseNameA
GetModuleFileNameExA
EnumProcesses
EnumProcessModules

urlmon

URLDownloadToFileA

Sections

.text
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ad7f4ce74ba8c5eb07b933473ad04a11

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

odbc32

msvcrt

wininet

ws2_32

avicap32

mpr

psapi

urlmon

Sections

.text Size: 49KB - Virtual size: 49KB

.text
Size: 49KB - Virtual size: 49KB