57197303b35e2ee7b8b92d7a72aa0c8a_JaffaCakes118

General

Target

57197303b35e2ee7b8b92d7a72aa0c8a_JaffaCakes118
Size

28KB
MD5

57197303b35e2ee7b8b92d7a72aa0c8a
SHA1

d6dda0d423ab38ded00a51f715ff49b900bb6eba
SHA256

e62af028fcc4629ff10c98382d452fce38cd1190724d85084aeb028775197046
SHA512

09867acb1d1b863ccb0cd2dba29819a18979f34b340e1d85f4ce1c0ee7f3e5f27ac9d83a8513d81d5993d860ce5c8e4f1786731e9d9b1a867739b7d0f3de5aea
SSDEEP

768:J2fskZA3/3mO7Ai1AGdhW+4Sm1h+pMNR1lkJ9:sRZAP7AmdhWwm1b8J9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
57197303b35e2ee7b8b92d7a72aa0c8a_JaffaCakes118

Files

57197303b35e2ee7b8b92d7a72aa0c8a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

08179f5c1b0be5cd5dbf86134f2f6856

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

ioctlsocket
connect
__WSAFDIsSet
setsockopt
gethostname
send
inet_addr
gethostbyname
socket
select
recv
closesocket
ntohs
htons
sendto
gethostbyaddr
inet_ntoa
WSAStartup

ntdll

NtQuerySystemInformation
ZwSystemDebugControl

kernel32

GetTimeZoneInformation
InitializeCriticalSection
GetComputerNameA
GetVolumeInformationA
WinExec
GetEnvironmentVariableA
lstrcatA
CopyFileA
GetTempPathA
GetModuleFileNameA
GetTickCount
HeapFree
GetProcessHeap
HeapAlloc
Sleep
lstrcpynA
GetProcAddress
LoadLibraryA
GetModuleHandleA
GetCurrentProcess
GetVersionExA
FreeLibrary
GetCurrentProcessId
LeaveCriticalSection
EnterCriticalSection
lstrlenA
lstrcpyA
SystemTimeToFileTime
GetLocalTime
CreateThread
FileTimeToLocalFileTime
FileTimeToSystemTime
GetSystemTimeAsFileTime
CloseHandle
WriteFile
CreateFileA
GetSystemDirectoryA
CreateProcessA
CreateMutexA
ExitProcess
OpenMutexA
SetFileAttributesA

user32

CharToOemA
wsprintfA

advapi32

RegCreateKeyExA
LookupPrivilegeValueA
RegOpenKeyExA
RegQueryValueExA
AdjustTokenPrivileges
RegSetValueExA
RegCloseKey
OpenProcessToken

shell32

ShellExecuteA

Sections

.text
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

08179f5c1b0be5cd5dbf86134f2f6856

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

ntdll

kernel32

user32

advapi32

shell32

Sections

.text Size: 21KB - Virtual size: 20KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 512B - Virtual size: 4KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 21KB - Virtual size: 20KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 512B - Virtual size: 4KB

.reloc
Size: 2KB - Virtual size: 1KB