4a122bbffb7572473b04cb60fff0b64f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4a122bbffb7572473b04cb60fff0b64f_JaffaCakes118
Size

407KB
MD5

4a122bbffb7572473b04cb60fff0b64f
SHA1

6a543c2fa0c9b17ef718c24c463693bc647c0734
SHA256

137af99eb03961ccb318804bffbd10ed427f63fbe59a2dac1d071a11a167b7c8
SHA512

21b40ff30647d0ed04c6a135618d8b627c7db9e5b9eaf3e9b45a46ba095aefcaa878a0cdd951ac43320c241cfea9914b817f205d0b0fd1313ae50fcb659fac28
SSDEEP

6144:hVvLkq1MYttPLdXgK9HkboG/22StayghkqN52V1w58BCp:hVvQUjTdXgK2btRnC1w

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4a122bbffb7572473b04cb60fff0b64f_JaffaCakes118

Files

4a122bbffb7572473b04cb60fff0b64f_JaffaCakes118
.exe windows:5 windows x86 arch:x86

03f9c8c554037ca837991374979f2ef4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\Xzx\sf_drv11\s_jumpx\Release\Jumper.pdb

Imports

kernel32

GetLastError
DeviceIoControl
DeleteFileA
LockResource
FindResourceExW
WideCharToMultiByte
MultiByteToWideChar
GetModuleFileNameW
GetModuleFileNameA
Sleep
OutputDebugStringA
GetProcAddress
GetModuleHandleA
GetCurrentProcess
GetSystemInfo
GetVersionExW
GetModuleHandleW
HeapDestroy
HeapAlloc
FreeResource
HeapReAlloc
HeapSize
GetProcessHeap
RaiseException
CloseHandle
SizeofResource
WriteFile
CreateFileA
LoadResource
FindResourceW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
FlushFileBuffers
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoA
GetConsoleMode
InitializeCriticalSection
HeapFree
GetStartupInfoW
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
ExitProcess
GetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
VirtualAlloc
LoadLibraryA
InitializeCriticalSectionAndSpinCount
SetFilePointer
GetConsoleCP

advapi32

StartServiceW
RegCloseKey
RegSetValueExA
RegCreateKeyExA
OpenSCManagerW
OpenServiceA
CloseServiceHandle
CreateServiceA

ws2_32

setsockopt
gethostbyname
htons
getsockname
closesocket
connect
socket
inet_ntoa
WSAStartup

iphlpapi

GetAdaptersInfo

Sections

.text
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 325KB - Virtual size: 325KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

03f9c8c554037ca837991374979f2ef4

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

ws2_32

iphlpapi

Sections

.text Size: 55KB - Virtual size: 55KB

.rdata Size: 13KB - Virtual size: 12KB

.data Size: 4KB - Virtual size: 11KB

.rsrc Size: 325KB - Virtual size: 325KB

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 55KB - Virtual size: 55KB

.rdata
Size: 13KB - Virtual size: 12KB

.data
Size: 4KB - Virtual size: 11KB

.rsrc
Size: 325KB - Virtual size: 325KB

.reloc
Size: 8KB - Virtual size: 7KB