03860e35163b2f8935f4823b22cc6815_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

03860e35163b2f8935f4823b22cc6815_JaffaCakes118
Size

25KB
MD5

03860e35163b2f8935f4823b22cc6815
SHA1

868e7f556556ad34267ab3e5ea6445edbdff84f5
SHA256

ca38f5cf9c56543f473a4970bf7e636f7a773da133932b1b9dd124835b7b2d9c
SHA512

f809616b4d3e3311144cbf7af514991fd92422d86672ceb5f8081e2c42ba9cf5601de080de87284d7a2d32b17776059b3b48c4c1551e2d2365771af6a8b229bf
SSDEEP

768:DXDDZzQnSuPXKKhksv0n/9W1RirH24TaaLnPSrbs8V2G673Rc15k4J49kzcF9iF:rDDZzQnSuPXKKhksv0n/9W1RirH2K9Ly

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
03860e35163b2f8935f4823b22cc6815_JaffaCakes118

Files

03860e35163b2f8935f4823b22cc6815_JaffaCakes118
.exe windows:4 windows x86 arch:x86

e490d5974d9070bb640dffbea78156bf

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ddraw

AcquireDDThreadLock
ReleaseDDThreadLock
CompleteCreateSysmemSurface
DDInternalLock
D3DParseUnknownCommand
DDInternalUnlock

dhcpcsvc

McastApiStartup

ntdll

NtCreateKey

kernel32

LocalFree
IsBadCodePtr
GetSystemTimeAsFileTime
GetModuleFileNameA
GetCurrentThreadId
GetSystemInfo
SetUnhandledExceptionFilter
GetTickCount
LocalReAlloc
LocalAlloc
DisableThreadLibraryCalls
GetCurrentProcessId
Sleep
GetModuleHandleA
GetProcAddress
VirtualFree
QueryPerformanceCounter
TerminateProcess
VirtualAlloc
GetVersionExA
LoadLibraryA
GetCurrentProcess
FreeLibrary
IsBadReadPtr
UnhandledExceptionFilter

user32

IntersectRect
IsRectEmpty

advapi32

RegOpenKeyA
RegCreateKeyA
RegQueryValueExA
RegSetValueExA
RegCloseKey
RegOpenKeyExA

msvcrt

malloc
_CIsqrt
__CxxFrameHandler
_CxxThrowException
ftell
fclose
_initterm
fwrite
fseek
free
_purecall
exp
_onexit
__dllonexit
fflush
fopen
_CIpow
_adjust_fdiv
_CIexp
sprintf
_except_handler3

ws2_32

WSAGetLastError

Sections

.textbss
Size: - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 216B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

e490d5974d9070bb640dffbea78156bf

Headers

File Characteristics

Imports

ddraw

dhcpcsvc

ntdll

kernel32

user32

advapi32

msvcrt

ws2_32

Sections

.textbss Size: - Virtual size: 96KB

.text Size: 512B - Virtual size: 436B

.idata Size: 22KB - Virtual size: 22KB

.rdata Size: 512B - Virtual size: 32B

.data Size: 512B - Virtual size: 216B

.textbss
Size: - Virtual size: 96KB

.text
Size: 512B - Virtual size: 436B

.idata
Size: 22KB - Virtual size: 22KB

.rdata
Size: 512B - Virtual size: 32B

.data
Size: 512B - Virtual size: 216B