08c8ac951c75beb95a9099fac42e9376_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

08c8ac951c75beb95a9099fac42e9376_JaffaCakes118
Size

829KB
MD5

08c8ac951c75beb95a9099fac42e9376
SHA1

915b4436f0cb4416d85debd2d92f14ee1e78fafc
SHA256

2f1cb2ccd1c17d22b8e92b17a1fa9244156cb8088784dc42bc420dd19ca66836
SHA512

8d2229dd17886e235e755e5483f7c04f6cb90ffc7177cdb03e2e6866e6bcc8c2b3a5e704b62aec90873d06053086fa58acb494e18850cf40bb1c258f6c4012c9
SSDEEP

12288:y/BE2p1idNGKq5dG8A3kKHjCl3SGqF2VKr9RK4jiV:yXpAdNGK8dG8A3kKHj63S1FFY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
08c8ac951c75beb95a9099fac42e9376_JaffaCakes118

Files

08c8ac951c75beb95a9099fac42e9376_JaffaCakes118
.exe windows:4 windows x86 arch:x86

176939437f5e44ae660bd0a477630df5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\NeroBackItUp4.2\backup\Build\WinNT\pdb\x86\Release\NBSFtp\NBSFtp.pdb

Imports

kernel32

GetProcessTimes
GetCurrentProcess
GetThreadTimes
GetCurrentThread
GlobalMemoryStatus
QueryPerformanceCounter
GetTickCount
FindClose
FindNextFileA
FindFirstFileA
GetWindowsDirectoryA
CloseHandle
CreateFileMappingA
GetCurrentThreadId
GetVersionExA
SleepEx
LocalFree
FormatMessageA
SetCurrentDirectoryA
GetSystemTime
GetFileTime
GetFileSize
CreateFileA
ReadFile
WriteFile
SetFileTime
GetFileAttributesA
CreateDirectoryA
Sleep
GetEnvironmentVariableA
GetCurrentProcessId
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoA
InterlockedCompareExchange
InterlockedExchange
GetSystemTimeAsFileTime
GetSystemTimeAdjustment
WaitForMultipleObjects
ResetEvent
MapViewOfFile
SetEvent
UnmapViewOfFile
GetHandleInformation
GetCurrentDirectoryA
GetLastError

user32

DestroyWindow
PostQuitMessage
DispatchMessageA
IsDialogMessageA
GetWindowLongA
GetMessageA
SetWindowLongA
CreateDialogParamA
RegisterClassA
LoadCursorA
PostMessageA
MessageBoxA
SendMessageA
FindWindowA
GetForegroundWindow
GetCapture
GetClipboardOwner
GetQueueStatus
GetCursorPos
DefDlgProcA

advapi32

GetUserNameA
RegCreateKeyA
RegSetValueExA
RegOpenKeyA
RegQueryValueExA
RegDeleteKeyA
RegEnumKeyA
RegCloseKey

msvcr80

fputc
_controlfp_s
_invoke_watson
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?terminate@@YAXXZ
_except_handler4_common
_crt_debugger_hook
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
strncpy
memcpy
memset
__setusermatherr
fgetc
fopen
strchr
exit
strstr
_atoi64
??3@YAXPAX@Z
malloc
realloc
free
_vsnprintf
printf
qsort
sprintf
memmove
strcspn
sscanf
strspn
fputs
__iob_func
fwrite
fgets
fflush
fprintf
strrchr
vfprintf
strtok
strncat
atoi
strtoul
memchr
abort
fclose
fread
ungetc
remove
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_amsg_exit
__getmainargs
_cexit
_exit
_XcptFilter
_ismbblead
_acmdln
_initterm
_initterm_e
_configthreadlocale

Sections

.text
Size: 168KB - Virtual size: 166KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 604KB - Virtual size: 604KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

176939437f5e44ae660bd0a477630df5

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

msvcr80

Sections

.text Size: 168KB - Virtual size: 166KB

.rdata Size: 44KB - Virtual size: 40KB

.data Size: 4KB - Virtual size: 14KB

.rsrc Size: 604KB - Virtual size: 604KB

.text
Size: 168KB - Virtual size: 166KB

.rdata
Size: 44KB - Virtual size: 40KB

.data
Size: 4KB - Virtual size: 14KB

.rsrc
Size: 604KB - Virtual size: 604KB