057d4b595995a31206078d6bc717d142_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

057d4b595995a31206078d6bc717d142_JaffaCakes118
Size

1.1MB
MD5

057d4b595995a31206078d6bc717d142
SHA1

d04e360d0e5ee79163b9d031a3665527eefef6c4
SHA256

30781e7d28c858e5c1330b1b6d455f24749031b87d112caaf3de4072753c8f73
SHA512

e186b83fad1b4a602b207ee99a37831928e86193c6a2fc34529ce463eb387d45484f8a0d50ac9a9f9b2b480b65a05a8ef3228ed427a1488332c75c073febcd04
SSDEEP

24576:j130xpgHPrqygCV3vmOs7WRQnit7FM5GmrwG:J6KWygaO9RGFMTrl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
057d4b595995a31206078d6bc717d142_JaffaCakes118

Files

057d4b595995a31206078d6bc717d142_JaffaCakes118
.exe windows:4 windows x86 arch:x86

53ef25f84de68047a198bde6de1b8104

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DebugBreak
RaiseException
GetStartupInfoA
HeapFree
FlushConsoleInputBuffer
QueryPerformanceCounter
GetProcessHeap
GetCurrentThreadId
SetLastError
FindFirstFileA
FindNextFileA
FindClose
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
GetFileSize
TransactNamedPipe
GetCurrentThread
GetCurrentProcess
FindResourceA
LoadResource
SizeofResource
LockResource
SetEvent
CreateEventA
GetTempPathA
MultiByteToWideChar
GetLastError
CopyFileA
GetModuleFileNameA
OpenProcess
GetModuleHandleA
CreateThread
TerminateThread
OutputDebugStringA
FreeConsole
AllocConsole
GetStdHandle
WriteFile
CreateNamedPipeA
WaitNamedPipeA
CreateFileA
TerminateProcess
CloseHandle
ReadFile
HeapAlloc
GetCurrentProcessId
GetTickCount
Sleep
FreeLibrary
GetProcAddress
LoadLibraryA
DeleteFileA
GetSystemDirectoryA
CreateProcessA
ExpandEnvironmentStringsA
ExitProcess
GetComputerNameA
GetVersionExA
GlobalMemoryStatus

advapi32

CreateServiceA
RegQueryInfoKeyA
RegEnumKeyExA
DeleteService
ControlService
EnumServicesStatusA
RegQueryValueExA
RegDeleteValueA
RegCloseKey
RegSetValueExA
RegOpenKeyExA
GetUserNameA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegCreateKeyExA
ChangeServiceConfig2A
CloseServiceHandle
OpenSCManagerA
OpenServiceA
StartServiceA
SetServiceStatus
RegisterServiceCtrlHandlerA
StartServiceCtrlDispatcherA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
OpenThreadToken

dnsapi

DnsQuery_A

gdi32

DeleteObject
DeleteDC
GetBitmapBits
BitBlt
CreateDCA
CreateCompatibleDC
GetDeviceCaps
CreateCompatibleBitmap
SelectObject
GetObjectA

mpr

WNetCancelConnection2W
WNetCancelConnection2A
WNetAddConnection2A
WNetAddConnection2W

msvcr71d

abort
_iob
fprintf
realloc
bsearch
qsort
time
fgets
sprintf
isdigit
calloc
malloc
printf
perror
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_amsg_exit
_acmdln
_ismbblead
_cexit
_XcptFilter
_exit
_c_exit
?terminate@@YAXXZ
_onexit
__dllonexit
??1type_info@@UAE@XZ
_CRT_RTC_INIT
_getch
_stat
_fileno
_strdup
_memccpy
_stricmp
??0exception@@QAE@ABQBD@Z
?what@exception@@UBEPBDXZ
_callnewh
signal
fputs
strtoul
gmtime
_lrotl
_lrotr
getenv
_setmode
localtime
_ftol
__mb_cur_max
_errno
_isctype
_pctype
__CxxFrameHandler
??3@YAXPAX@Z
_purecall
??2@YAPAXIHPBDH@Z
strstr
memset
fread
fseek
fclose
fopen
strncpy
strlen
_vsnprintf
??0exception@@QAE@ABV0@@Z
_CxxThrowException
??1exception@@UAE@XZ
??0exception@@QAE@XZ
memcpy
memmove
strcpy
strcmp
atoi
system
??_V@YAXPAX@Z
??_U@YAPAXIHPBDH@Z
memcmp
strerror
vsprintf
strncat
strchr
atof
strncmp
exit
strcat
free
_malloc_dbg
ftell
fwrite
srand
rand
strtok
wcscat
fputc
toupper
_except_handler3
memchr
wcscpy
mbstowcs
wcstombs
sscanf
fflush
tolower

netapi32

NetRemoteTOD
NetScheduleJobAdd
NetUseAdd
NetUseDel
NetApiBufferFree
NetShareEnum
NetUserEnum

odbc32

ord24
ord41
ord11
ord31
ord9
ord75

psapi

GetModuleBaseNameA
EnumProcesses
EnumProcessModules

shell32

ShellExecuteA

user32

ExitWindowsEx
MessageBoxA
GetAsyncKeyState
GetKeyState
GetWindowTextA
GetForegroundWindow
wsprintfA

ws2_32

socket
htons
connect
WSAGetLastError
select
closesocket
listen
bind
accept
__WSAFDIsSet
WSACleanup
send
getsockname
getpeername
ioctlsocket
gethostbyname
inet_ntoa
gethostbyaddr
ntohs
WSAIoctl
gethostname
sendto
setsockopt
WSASocketA
ntohl
getsockopt
recvfrom
getservbyname
shutdown
WSASetLastError
WSAStartup
htonl
inet_addr
recv

Sections

.text
Size: 896KB - Virtual size: 894KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 104KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ntdtbfc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rebld_i
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

53ef25f84de68047a198bde6de1b8104

Headers

File Characteristics

Imports

kernel32

advapi32

dnsapi

gdi32

mpr

msvcr71d

netapi32

odbc32

psapi

shell32

user32

ws2_32

Sections

.text Size: 896KB - Virtual size: 894KB

.rdata Size: 104KB - Virtual size: 102KB

.data Size: 128KB - Virtual size: 152KB

Size: 12KB - Virtual size: 9KB

.ntdtbfc Size: 16KB - Virtual size: 16KB

.rebld_i Size: 4KB - Virtual size: 4KB

.text
Size: 896KB - Virtual size: 894KB

.rdata
Size: 104KB - Virtual size: 102KB

.data
Size: 128KB - Virtual size: 152KB

.ntdtbfc
Size: 16KB - Virtual size: 16KB

.rebld_i
Size: 4KB - Virtual size: 4KB