fd3f9f86fbea961572e80570e99d8642_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

fd3f9f86fbea961572e80570e99d8642_JaffaCakes118
Size

931KB
MD5

fd3f9f86fbea961572e80570e99d8642
SHA1

084929b3f42ad816e049e765b82b930c55fee2c4
SHA256

b05a9c8837058d37f584371743b5b96715c69afa1e48194871768ab4cf5c7d6f
SHA512

4141fcd5d0aab2506bad7d012408435b89639431b5b3cc6684a9888f5642570a3c25b058a4f189115f093714c71bc2342fb3c6ac364624181af2b11c017e3086
SSDEEP

24576:zhcEGd8sx68ZM/cxTArgyT1DiykbG2QYRIYCTIZ:GEGd8sx/M/cmgyT1YCTIZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fd3f9f86fbea961572e80570e99d8642_JaffaCakes118

Files

fd3f9f86fbea961572e80570e99d8642_JaffaCakes118
.exe windows:6 windows x86 arch:x86

a50706e4cc76cfc73bf808102bf86ddd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Projects\cookiemonster\Release\cookiemonster.pdb

Imports

advapi32

RegGetValueW
RegCreateKeyExW
RegCloseKey
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGenRandom
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextA
CryptEncrypt

ws2_32

freeaddrinfo
getaddrinfo
ioctlsocket
htonl
gethostname
listen
sendto
accept
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
ntohl
WSACleanup
WSAStartup
WSAIoctl
setsockopt
ntohs
htons
getsockopt
getsockname
getpeername
connect
bind
WSASetLastError
select
__WSAFDIsSet
WSAGetLastError
inet_pton
socket
send
recv
closesocket
recvfrom

wldap32

ord200
ord30
ord79
ord35
ord33
ord32
ord27
ord26
ord301
ord41
ord50
ord45
ord60
ord211
ord46
ord143
ord22

kernel32

GetDriveTypeW
SystemTimeToTzSpecificLocalTime
VerifyVersionInfoA
VerSetConditionMask
FormatMessageW
WaitForMultipleObjects
PeekNamedPipe
MoveFileExA
GetEnvironmentVariableA
LoadLibraryA
GetSystemDirectoryA
SleepEx
InitializeCriticalSectionEx
WriteConsoleW
CreateFileW
HeapSize
GetProcessHeap
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FileTimeToSystemTime
ExitThread
GetFileAttributesExW
GetCurrentDirectoryW
GetFullPathNameW
DeleteFileW
GetFileInformationByHandle
CreateFileA
MultiByteToWideChar
LocalFree
FormatMessageA
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
GetCurrentThreadId
GetLastError
EncodePointer
DecodePointer
QueryPerformanceCounter
QueryPerformanceFrequency
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetTickCount
GetModuleHandleW
GetProcAddress
GetStringTypeW
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
GetCurrentProcessId
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
CloseHandle
SetEvent
WaitForSingleObjectEx
Sleep
SignalObjectAndWait
CreateThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetCurrentThread
GetThreadTimes
FreeLibrary
FreeLibraryAndExitThread
GetModuleFileNameW
GetModuleHandleA
LoadLibraryExW
GetVersionExW
VirtualAlloc
VirtualProtect
VirtualFree
DuplicateHandle
ReleaseSemaphore
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
CreateTimerQueue
LoadLibraryW
RtlUnwind
RaiseException
GetStdHandle
WriteFile
ExitProcess
GetModuleHandleExW
GetCommandLineA
GetCommandLineW
HeapFree
HeapAlloc
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetFileType
FlushFileBuffers
GetConsoleCP
GetConsoleMode
ReadFile
GetFileSizeEx
SetFilePointerEx
ReadConsoleW
HeapReAlloc
GetTimeZoneInformation
FindClose
FindFirstFileExW
SetEndOfFile

crypt32

CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFreeCertificateChain
CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CertGetNameStringA
CertFindExtension
CertAddCertificateContextToStore
CryptDecodeObjectEx
PFXImportCertStore
CryptStringToBinaryA
CertFreeCertificateContext
CertOpenStore

Sections

.text
Size: 723KB - Virtual size: 723KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 160KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a50706e4cc76cfc73bf808102bf86ddd

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

ws2_32

wldap32

kernel32

crypt32

Sections

.text Size: 723KB - Virtual size: 723KB

.rdata Size: 160KB - Virtual size: 160KB

.data Size: 11KB - Virtual size: 16KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 34KB - Virtual size: 33KB

.text
Size: 723KB - Virtual size: 723KB

.rdata
Size: 160KB - Virtual size: 160KB

.data
Size: 11KB - Virtual size: 16KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 34KB - Virtual size: 33KB