fa1003faf0fa2fa8785d6662bcdf1cdb_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

fa1003faf0fa2fa8785d6662bcdf1cdb_JaffaCakes118
Size

21KB
MD5

fa1003faf0fa2fa8785d6662bcdf1cdb
SHA1

d73b4eb90ed48b650804c5d0c2f6fda9bf1afa16
SHA256

e590a491711a231fea31821723981ade5f17bbd4862e5c8e6b6774a8a21776a8
SHA512

4fa2db60a5ac1b5b5cdf9bd2a3e8b0070a16a2d01ba0dd4852992e2ec2bbf7b21789550876698643376b11e1254c88f4a9a4361b4b903baafff4cde8b0a2bd3d
SSDEEP

384:GzsziFq5rS569+pqWePQN0ZPRKstgwnC+RGomMHeCy8/ptGeOG9Q:GzseFSrS5MJYCPwstrC+RG+Rh0eOG9Q

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fa1003faf0fa2fa8785d6662bcdf1cdb_JaffaCakes118

Files

fa1003faf0fa2fa8785d6662bcdf1cdb_JaffaCakes118
.exe windows:5 windows x86 arch:x86

a7cbe6747252d9e0570ed84374ba90bd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

inet_addr
WSAStartup
connect
socket
htons
send
sendto
ioctlsocket
WSACleanup
gethostbyname
closesocket
recv
select

shlwapi

PathRemoveFileSpecA

urlmon

URLDownloadToFileA

shell32

ShellExecuteA

advapi32

RegDeleteKeyA
RegCreateKeyA
RegCloseKey
RegCreateKeyExA
RegSetValueExA
RegOpenKeyA

msvcr100

_configthreadlocale
__setusermatherr
_commode
_fmode
__set_app_type
_crt_debugger_hook
?terminate@@YAXXZ
_unlock
__dllonexit
_lock
_onexit
_except_handler4_common
_invoke_watson
_controlfp_s
_initterm_e
_initterm
_acmdln
exit
_ismbblead
_exit
_cexit
__getmainargs
_amsg_exit
fopen
fprintf
fclose
strncat
_time64
malloc
srand
strtok
strcat
atoi
strcmp
strncmp
memmove
strncpy
memset
strstr
strchr
rand
sprintf
strlen
_snprintf
strcpy
_CxxThrowException
??3@YAXPAX@Z
_XcptFilter
?_type_info_dtor_internal_method@type_info@@QAEXXZ

user32

EmptyClipboard
SetClipboardData
CloseClipboard
keybd_event
GetForegroundWindow
ShowWindow
wsprintfA
VkKeyScanA
SetFocus
FindWindowA
SetForegroundWindow
OpenClipboard

ole32

CoInitialize
CoUninitialize
CoCreateInstance

oleaut32

VariantInit
SysAllocString
VariantClear

kernel32

GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
DecodePointer
IsDebuggerPresent
SetUnhandledExceptionFilter
GetSystemTimeAsFileTime
GetCurrentProcess
SetErrorMode
CreateMutexA
TerminateProcess
EncodePointer
CreateProcessA
LocalFree
GetWindowsDirectoryA
GetModuleFileNameA
UnhandledExceptionFilter
GetSystemDirectoryA
lstrcmpiA
GetFileAttributesA
SetFileAttributesA
CopyFileA
GetLastError
Sleep
ExitProcess
CloseHandle
WriteFile
CreateFileA
GetTempPathA
ExpandEnvironmentStringsA
ReleaseMutex
CreateThread
GetTickCount
InterlockedExchange
InterlockedCompareExchange
HeapSetInformation
GetStartupInfoW
ExitThread
GetSystemDefaultLangID
GlobalUnlock
GlobalLock
GlobalAlloc
GetVersionExA
GetModuleHandleA
GetLocaleInfoA

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 696B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a7cbe6747252d9e0570ed84374ba90bd

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

shlwapi

urlmon

shell32

advapi32

msvcr100

user32

ole32

oleaut32

kernel32

Sections

.text Size: 10KB - Virtual size: 10KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 1024B - Virtual size: 7KB

.rsrc Size: 1024B - Virtual size: 696B

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 10KB - Virtual size: 10KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 1024B - Virtual size: 7KB

.rsrc
Size: 1024B - Virtual size: 696B

.reloc
Size: 2KB - Virtual size: 1KB