001b815907dd1b626bff5874969f3a3d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

001b815907dd1b626bff5874969f3a3d_JaffaCakes118
Size

18KB
MD5

001b815907dd1b626bff5874969f3a3d
SHA1

20195e0eb384e540e82def04301573b60b6755d6
SHA256

fe6853f67c878216af39a6d7734060477045c76450d5bc10cb90890124cee4e8
SHA512

d1e024531c14a0c2745699444d931c863755ec43530a0901cb10632f2079119bb1d2fafa6e57486885d7be3297cd26d0c29f1198bb0e5d9517a1e8279d97357a
SSDEEP

384:+ir79TMhnL3PIvr5xfSPIULftXp1rTxq3Cxr+XF:+irRiWKFBvT8CA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
001b815907dd1b626bff5874969f3a3d_JaffaCakes118

Files

001b815907dd1b626bff5874969f3a3d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f26e58a1676e02dddb515ad3e0c3eb38

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord540
ord2846
ord2818
ord537
ord2764
ord6648
ord4129
ord800
ord2915

msvcrt

__set_app_type
__p__fmode
__p__commode
__setusermatherr
_initterm
__getmainargs
_acmdln
_controlfp
_adjust_fdiv
_XcptFilter
_exit
atoi
strchr
strtok
exit
time
srand
rand
printf
strstr
_stricmp
_except_handler3
strncmp
__CxxFrameHandler

kernel32

GetTickCount
HeapAlloc
GetProcessHeap
TerminateThread
ResumeThread
CreateProcessA
SetThreadPriority
GetCurrentThread
SetPriorityClass
lstrcatA
GetCurrentProcessId
GetStartupInfoA
SetFileAttributesA
GetLastError
lstrlenA
GetVersionExA
GlobalMemoryStatus
GetTempPathA
SetLocalTime
GetModuleFileNameA
GetShortPathNameA
GetEnvironmentVariableA
CopyFileA
GetSystemDirectoryA
CloseHandle
GetCurrentProcess
Process32Next
Process32First
CreateToolhelp32Snapshot
GetModuleHandleA
WinExec
CreateThread
ExitThread
Sleep
lstrcpyA

user32

wsprintfA

comdlg32

GetFileTitleA

advapi32

StartServiceCtrlDispatcherA
CloseServiceHandle
OpenServiceA
CreateServiceA
OpenSCManagerA
DeleteService
RegCloseKey
RegQueryValueExA
RegOpenKeyA
RegSetValueExA
StartServiceA
RegisterServiceCtrlHandlerA
SetServiceStatus
RegOpenKeyExA

ws2_32

gethostname
WSAStartup
sendto
htons
setsockopt
WSASocketA
htonl
connect
send
inet_ntoa
closesocket
WSAGetLastError
recv
__WSAFDIsSet
select
inet_addr
socket
gethostbyname

urlmon

URLDownloadToFileA

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 243KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f26e58a1676e02dddb515ad3e0c3eb38

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

comdlg32

advapi32

ws2_32

urlmon

Sections

.text Size: 8KB - Virtual size: 8KB

.rdata Size: 7KB - Virtual size: 6KB

.data Size: 2KB - Virtual size: 243KB

.text
Size: 8KB - Virtual size: 8KB

.rdata
Size: 7KB - Virtual size: 6KB

.data
Size: 2KB - Virtual size: 243KB