fdad7ffb8787dd11a1346f5c44a17f3e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

fdad7ffb8787dd11a1346f5c44a17f3e_JaffaCakes118
Size

153KB
MD5

fdad7ffb8787dd11a1346f5c44a17f3e
SHA1

5020a2b2fa61d8972d08c8a40ea44cc1f37b6e92
SHA256

04352f66db97f1b699eb95dc03eeb9ac5b4c487a7f45f729bb7e59afb8a5c72c
SHA512

3c5fd377285412756e2b9245b8a144c27927f58171b6722ac2bb1ffbfa1825cb23068b7339714d5d034376340ff1d83ddc9f7832f13944e118b77f65d2c0c89a
SSDEEP

3072:RPluLyDM/fEI4ZLRLeO6nowRkW8QEnhA1dZMMc44aMW9/pHR4ihoYQzXiWPC:XuaYnoArtE+3W4xNQPYQ7iWP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fdad7ffb8787dd11a1346f5c44a17f3e_JaffaCakes118

Files

fdad7ffb8787dd11a1346f5c44a17f3e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

bbc89eaee37ab7c2ae9aa9b1544fec04

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTickCount
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetStdHandle
GetLocalTime
GetModuleFileNameA
LocalAlloc
CreateFileMappingA
GetLastError
MapViewOfFile
UnmapViewOfFile
OpenFileMappingA
CloseHandle
CompareStringA
Sleep
InterlockedExchange
CreateMutexA
OpenMutexA
CreateProcessA
SetLastError
DeleteFileA
GetTempPathA
GetTempFileNameA
CopyFileA
SetFileAttributesA
InterlockedExchangeAdd
ExitProcess
WaitForSingleObject
lstrcmpiA
lstrcpynA
CreateEventA
SetEvent
WaitForMultipleObjects
GetFileAttributesA
ResetEvent
FindResourceA
SizeofResource
LoadResource
LockResource
GetCurrentProcess
VirtualAllocEx
GetModuleHandleA
GetProcAddress
WriteProcessMemory
CreateRemoteThread
OpenProcess
GetExitCodeThread
CreateToolhelp32Snapshot
Process32First
Process32Next
GetCommandLineA
WriteConsoleA
TlsSetValue
CreateThread
ResumeThread
ExitThread
GetStartupInfoA
RtlUnwind
HeapCreate
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
HeapValidate
DeleteCriticalSection
CreateFileA
TlsAlloc
GetCurrentThreadId
TlsFree
TlsGetValue
UnhandledExceptionFilter
GetSystemTimeAsFileTime
GetFileType
DuplicateHandle
SetHandleCount
GetEnvironmentStrings
FreeEnvironmentStringsA
VirtualAlloc
VirtualQuery
WriteFile
SetStdHandle
SetConsoleCtrlHandler
SetFilePointer
ReadFile
SetEndOfFile

advapi32

RegCreateKeyExA
RegSetValueExA
RegCloseKey
RegOpenKeyExA
RegDeleteKeyA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
GetUserNameA
RegQueryValueExA
OpenSCManagerA
OpenServiceA
CloseServiceHandle
QueryServiceStatus
ChangeServiceConfigA
ChangeServiceConfig2A
StartServiceA
CreateServiceA
DeleteService
SetServiceStatus
RegisterServiceCtrlHandlerA
StartServiceCtrlDispatcherA
LookupPrivilegeValueA
OpenProcessToken
AdjustTokenPrivileges

wsock32

WSAStartup
WSACleanup
socket
setsockopt
closesocket
select
inet_ntoa
htons
connect
bind
listen
accept
ntohs
recv
send
ioctlsocket
gethostbyname
getsockname
gethostname
inet_addr
sendto
recvfrom
WSAGetLastError

iphlpapi

GetIpForwardTable

wininet

InternetOpenA
InternetOpenUrlA
InternetCloseHandle
InternetReadFile

Sections

.text
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bbc89eaee37ab7c2ae9aa9b1544fec04

Headers

File Characteristics

Imports

kernel32

advapi32

wsock32

iphlpapi

wininet

Sections

.text Size: 49KB - Virtual size: 49KB

.rdata Size: 8KB - Virtual size: 8KB

.data Size: 6KB - Virtual size: 10KB

.rsrc Size: 88KB - Virtual size: 87KB

.text
Size: 49KB - Virtual size: 49KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 6KB - Virtual size: 10KB

.rsrc
Size: 88KB - Virtual size: 87KB