ca413af53f2378cba7ac17c81d683da0_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ca413af53f2378cba7ac17c81d683da0_JaffaCakes118
Size

198KB
MD5

ca413af53f2378cba7ac17c81d683da0
SHA1

c74426b232e2f95e4bfc442fb4ed78b2e4e315a5
SHA256

2a85363cfa66c06dede53a16b42cdc2b09eb2e6b64fe2caabff101e0a7858d66
SHA512

3c8aa768fabc2394ef93353165285a105abb7876e82ec00da668c5adb131819636a5bc7041cb24adfa7fa8e0061917a2aa34f3431ce0943fcd9a4dd74cbadd14
SSDEEP

3072:xlRg2T30iG+3xJrEYHY9kT8+T31D+zsv6TBfmrii5c:CsTG+3/EYH/T8hsv6TBT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ca413af53f2378cba7ac17c81d683da0_JaffaCakes118

Files

ca413af53f2378cba7ac17c81d683da0_JaffaCakes118
.exe windows:5 windows x86 arch:x86

74559a46b39b5be8d7510fe65c8c935d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

P:\STUDY\JOMBIE_SOURCE\Code_King\Code_King_2018-01-13\publish\PsychMaker(win7).pdb

Imports

winmm

timeGetTime

wsock32

htonl
bind
listen
accept
getpeername
connect
ioctlsocket
select
htons
getsockname
setsockopt
recv
socket
closesocket
send
WSAStartup

kernel32

GetStringTypeA
LCMapStringW
LCMapStringA
InitializeCriticalSectionAndSpinCount
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
WriteConsoleW
FreeLibrary
GetSystemDirectoryA
GetProcAddress
CopyFileA
SetFileAttributesA
LoadLibraryA
CreateFileA
GetFileSize
GetCurrentProcess
Process32First
OpenProcess
TerminateProcess
ReadFile
Process32Next
QueryFullProcessImageNameA
CreateToolhelp32Snapshot
OutputDebugStringA
CloseHandle
Sleep
GetConsoleWindow
GetLastError
CreateMutexA
WinExec
GetWindowsDirectoryA
GetPrivateProfileStringA
GetStringTypeW
GetComputerNameA
GlobalMemoryStatus
MoveFileExA
GetTickCount
WritePrivateProfileStringA
GetSystemInfo
GetModuleFileNameA
GetCurrentThreadId
GetVersionExA
DeleteFileA
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetConsoleOutputCP
WriteConsoleA
GetStdHandle
SetHandleCount
GetProcessHeap
SetEndOfFile
SetStdHandle
HeapReAlloc
VirtualAlloc
DeleteCriticalSection
VirtualFree
HeapDestroy
HeapCreate
RtlUnwind
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
RaiseException
GetLocaleInfoA
FlushFileBuffers
ExitProcess
HeapSize
InterlockedDecrement
SetLastError
InterlockedIncrement
TlsFree
GetSystemTimeAsFileTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
GetFileType
HeapAlloc
SetFilePointer
MultiByteToWideChar
WriteFile
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
ExitThread
ResumeThread
CreateThread
GetCommandLineA
GetStartupInfoA
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue

user32

GetClientRect
GetSystemMetrics
SetProcessWindowStation
OpenDesktopA
GetThreadDesktop
GetProcessWindowStation
wsprintfA
CloseDesktop
OpenWindowStationA
SwitchDesktop
SetThreadDesktop
FindWindowA
TranslateMessage
PeekMessageA
ShowWindow
DispatchMessageA
ClientToScreen
FillRect
FindWindowW
GetDC

gdi32

SelectObject
GetStockObject
DeleteObject

advapi32

RegCloseKey
GetUserNameA
RegDeleteValueA
RegOpenKeyExA
RegQueryValueExA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken

shell32

ShellExecuteA

shlwapi

SHGetValueA

urlmon

URLDownloadToFileA

Sections

.text
Size: 152KB - Virtual size: 152KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

74559a46b39b5be8d7510fe65c8c935d

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

winmm

wsock32

kernel32

user32

gdi32

advapi32

shell32

shlwapi

urlmon

Sections

.text Size: 152KB - Virtual size: 152KB

.rdata Size: 37KB - Virtual size: 36KB

.data Size: 7KB - Virtual size: 13KB

.rsrc Size: 512B - Virtual size: 16B

.text
Size: 152KB - Virtual size: 152KB

.rdata
Size: 37KB - Virtual size: 36KB

.data
Size: 7KB - Virtual size: 13KB

.rsrc
Size: 512B - Virtual size: 16B