fc1855da16ba016d3a945f083a1ed41e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

fc1855da16ba016d3a945f083a1ed41e_JaffaCakes118
Size

28KB
MD5

fc1855da16ba016d3a945f083a1ed41e
SHA1

cc65578f1de2da0cd4efede5a28534d1c1388712
SHA256

4b3727869e7f07955d97d7a25823462645ffff00d5832186f70b8bbf036ab149
SHA512

1ede56b9155e07d0d1952dbc0018c7301005b9a712226f883d5cbcd804300b89db1a95a4d1828ebfe0453cad3ed0770ccba099c96727460b4a52e086d99023a8
SSDEEP

384:hmxO4WiMHXlEHvN0DI0nnpQ1KbE0XYt0Rph9Dx06SOzi/w:EYjiMHXrRnI6ItChVG/w

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fc1855da16ba016d3a945f083a1ed41e_JaffaCakes118

Files

fc1855da16ba016d3a945f083a1ed41e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

161f65c7e38df9a42819c417f954dfbf

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord823
ord825

msvcrt

_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
_XcptFilter
_exit
atoi
_stricmp
memcpy
memmove
ceil
_ftol
strlen
strstr
__CxxFrameHandler
memset
strcpy
strcat
strrchr
malloc
realloc
exit
free

kernel32

HeapFree
IsBadReadPtr
LoadLibraryA
GetStartupInfoA
GetCurrentThreadId
GetSystemTime
WritePrivateProfileStringA
SetFileAttributesA
GetModuleFileNameA
SetErrorMode
GetTickCount
OpenEventA
GetVersionExA
GetComputerNameA
GetSystemInfo
GetPrivateProfileStringA
GetModuleHandleA
InitializeCriticalSection
DeleteCriticalSection
VirtualFree
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
CreateEventA
CloseHandle
WaitForSingleObject
ResetEvent
SetEvent
InterlockedExchange
CancelIo
Sleep
WriteFile
SetFilePointer
CreateFileA
GetFileSize
GetWindowsDirectoryA
ReadFile
GetFileAttributesA
CreateProcessA
lstrcpyA
lstrlenA
CreateThread
GetLastError
GetCurrentProcess
Process32Next
LocalReAlloc
LocalSize
OpenProcess
Process32First
LocalAlloc
CreateToolhelp32Snapshot
LocalFree
TerminateThread
HeapAlloc
GetProcessHeap
VirtualProtect
GetProcAddress
FreeLibrary

user32

SetThreadDesktop
CloseDesktop
GetUserObjectInformationA
OpenWindowStationA
SetProcessWindowStation
wsprintfA
OpenDesktopA
OpenInputDesktop
GetThreadDesktop
ExitWindowsEx
GetProcessWindowStation

advapi32

OpenProcessToken
RegQueryValueA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegDeleteKeyA
RegOpenKeyA
RegQueryValueExA
RegCloseKey
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenEventLogA
ClearEventLogA
CloseEventLog

shell32

ShellExecuteA

ws2_32

setsockopt
send
closesocket
select
htons
gethostbyname
socket
getsockname
WSAStartup
WSACleanup
connect
recv

wininet

InternetOpenUrlA
InternetOpenA
InternetReadFile
InternetCloseHandle

ole32

CoCreateInstance
CoUninitialize
CoInitialize

oleaut32

SysFreeString

Sections

.text
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

161f65c7e38df9a42819c417f954dfbf

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

advapi32

shell32

ws2_32

wininet

ole32

oleaut32

Sections

.text Size: 12KB - Virtual size: 10KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 4KB - Virtual size: 2KB

.text
Size: 12KB - Virtual size: 10KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 4KB - Virtual size: 2KB