702c8c9b1c38fa1a85b1252fadcb6c56_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

702c8c9b1c38fa1a85b1252fadcb6c56_JaffaCakes118
Size

336KB
MD5

702c8c9b1c38fa1a85b1252fadcb6c56
SHA1

c35cc8add5d270e8c79d02d28e1276dde12fc52b
SHA256

6b412a25170b02b37314ed69305573b0793c9191a69ccb274bddec4dd308d22d
SHA512

e613884e29a81c572a0da336c738a8db5c07dc01ff5bdc6ff1538c7fecd1f5011e405dd0f21fbad9ecad6dffacc1fe6cd33242b583a448dcd190225a9ef13537
SSDEEP

6144:WZ6enhqaBpOx1VfOtzqqwPyin7tBO4RSxjQE/OeyB3V9DuEK2e2:ctnhqaBgOoHn7tBOQc92xpV9DuL12

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
702c8c9b1c38fa1a85b1252fadcb6c56_JaffaCakes118

Files

702c8c9b1c38fa1a85b1252fadcb6c56_JaffaCakes118
.exe windows:4 windows x86 arch:x86

c1d2b1b818d12b84daeaa804510d801c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

RegisterEventSourceA
CryptAcquireContextA
CryptReleaseContext
ReportEventA
CryptGenRandom

user32

MessageBoxW
wsprintfA
GetUserObjectInformationW
GetProcessWindowStation
MessageBoxA
GetDesktopWindow

ws2_32

socket
htons
getnameinfo
WSASetLastError
recvfrom
inet_addr
setsockopt
__WSAFDIsSet
shutdown
ntohl
listen
getaddrinfo
gethostname
ioctlsocket
ntohs
send
getsockname
select
bind
connect
sendto
freeaddrinfo
WSAGetLastError
closesocket
recv
WSACleanup
getpeername
gethostbyname
accept
getsockopt
WSAEnumNetworkEvents
htonl
WSAStartup

winmm

timeGetTime

gdi32

GetBitmapBits
DeleteDC
DeleteObject
GetDeviceCaps
SelectObject
CreateDCA
CreateCompatibleBitmap
BitBlt
GetObjectA
CreateCompatibleDC

msvcrt

getenv
isspace
strtol
ftell
strncpy
fgets
_stat
strncat
puts
fputs
_amsg_exit
_open
isalpha
_ftime
fgetpos
malloc
memcpy
_endthreadex
isupper
fwprintf
gmtime
fflush
_onexit
fread
_putenv
srand
free
atoi
_stricmp
ferror
feof
sscanf
fclose
getc
memset
fwrite
_write
strcspn
fputc
ungetc
time
_snwprintf
vfprintf
_getpid
_unlink
__setusermatherr
_setjmp3
realloc
log10
fgetc
strrchr
memcmp
_iob
_beginthreadex
abort
wcslen
memchr
_fdopen
_stati64
localeconv
fseek
putc
tolower
strstr
_get_osfhandle
toupper
_wfopen
_read
_close
memmove
wcscpy
calloc
strlen
strchr
strcpy
setlocale
strncmp
bsearch
localtime
signal
_strdup
rename
_exit
strcat
strerror
fopen
sprintf
printf
_filelengthi64
strtoul
strftime
_ftime64
_wfindfirst
isprint
__doserrno
_errno
_setmode
_lseeki64
mktime
_lock
longjmp
wcsstr
qsort
rand
isalnum
_vsnprintf
_getch
_strnicmp
putchar
__mb_cur_max
_wfindnext
exit
_fileno
atof
fprintf
_mkdir
_initterm
_access
_fstati64
__dllonexit
fsetpos
isxdigit
_rmdir
setvbuf
_unlock
strspn
__pioinfo
raise
_findclose
islower
strcmp

kernel32

EnterCriticalSection
LoadLibraryA
SetThreadPriority
GlobalAlloc
SetThreadContext
GetModuleFileNameW
TlsGetValue
WaitForMultipleObjects
ResetEvent
GetTickCount
CloseHandle
lstrcpyA
QueryPerformanceCounter
GlobalMemoryStatus
SetEvent
GetSystemDirectoryA
FindFirstFileA
GetCurrentProcessId
GetLastError
GetTimeZoneInformation
InitializeCriticalSection
GetProcAddress
GetModuleHandleA
CreateEventA
TlsFree
DuplicateHandle
SetUnhandledExceptionFilter
GetThreadContext
CreateSemaphoreA
OpenProcess
VirtualProtect
GetVersionExA
ExitProcess
GetVersion
LeaveCriticalSection
FreeLibrary
SetLastError
GetModuleHandleExA
lstrcpynA
SetThreadAffinityMask
TlsAlloc
GetCurrentThread
SetProcessAffinityMask
Sleep
FindClose
GetThreadPriority
GetStdHandle
GetTempPathA
QueryPerformanceFrequency
GetCurrentThreadId
GetProcessAffinityMask
GetCurrentProcess
ResumeThread
DeleteCriticalSection
SuspendThread
IsDBCSLeadByteEx
WaitForSingleObject
ReleaseSemaphore
FindNextFileA
TlsSetValue
LoadLibraryW
VirtualQuery
GlobalHandle

crypt32

CertEnumCertificatesInStore
CertOpenSystemStoreA
CertCloseStore

Sections

.text
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 209KB - Virtual size: 209KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 16KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

c1d2b1b818d12b84daeaa804510d801c

Headers

File Characteristics

Imports

advapi32

user32

ws2_32

winmm

gdi32

msvcrt

kernel32

crypt32

Sections

.text Size: 72KB - Virtual size: 72KB

.data Size: 209KB - Virtual size: 209KB

.rdata Size: 45KB - Virtual size: 44KB

.bss Size: - Virtual size: 16KB

.idata Size: 5KB - Virtual size: 5KB

.CRT Size: 512B - Virtual size: 52B

.tls Size: 512B - Virtual size: 32B

.rsrc Size: 1KB - Virtual size: 1KB

.text
Size: 72KB - Virtual size: 72KB

.data
Size: 209KB - Virtual size: 209KB

.rdata
Size: 45KB - Virtual size: 44KB

.bss
Size: - Virtual size: 16KB

.idata
Size: 5KB - Virtual size: 5KB

.CRT
Size: 512B - Virtual size: 52B

.tls
Size: 512B - Virtual size: 32B

.rsrc
Size: 1KB - Virtual size: 1KB