091a8eda7c01949f8dac05f7547fe17d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

091a8eda7c01949f8dac05f7547fe17d_JaffaCakes118
Size

148KB
MD5

091a8eda7c01949f8dac05f7547fe17d
SHA1

91f3bfb63eb9c26d6beeb614f371a5f845d5d053
SHA256

8b73284e761cb9c2b904f31e617da063f29507a5c756a228a9a8b74926a1acec
SHA512

03d609ed95388ac7e6f7a5f03d31ec1c507d934829533269f8e3684a53c12b7d457b913db08c7af74ca8dc504794c440fc72258767aa3c57805b95bae2134377
SSDEEP

3072:T/HvhQTNyClK/g0k6/WUZZAsW5CWqROvkA1Jw:jHGTNyClKDSeH+kA1C

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
091a8eda7c01949f8dac05f7547fe17d_JaffaCakes118

Files

091a8eda7c01949f8dac05f7547fe17d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

5a0e7e185e3c9be88a57613880bff3f7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\BUILD_~1\jdk6_26\control\build\WINDOW~1\tmp\deploy\jqs\jqs\jqs.pdb

Imports

ws2_32

connect
WSACleanup
WSACloseEvent
recv
send
accept
htonl
htons
WSAEventSelect
select
getsockname
WSAStartup
listen
bind
socket
WSASetEvent
WSAWaitForMultipleEvents
WSAResetEvent
WSACreateEvent
WSAGetLastError
closesocket

ole32

OleInitialize
OleUninitialize

advapi32

EqualSid
CreateServiceA
DeleteService
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerA
OpenSCManagerA
OpenServiceA
ChangeServiceConfigA
QueryServiceStatus
StartServiceA
ControlService
CloseServiceHandle
RegDeleteValueA
SetServiceStatus
RegOpenKeyExA
RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
RegisterEventSourceA
ReportEventA
DeregisterEventSource
OpenThreadToken
OpenProcessToken
GetTokenInformation
FreeSid
AllocateAndInitializeSid

msvcr71

iswctype
fread
_snprintf
isxdigit
_strnicmp
_purecall
isdigit
strtod
isspace
getenv
_iob
_vsnprintf
setlocale
strftime
localtime
time
abort
_endthreadex
_beginthreadex
tolower
fgets
??1type_info@@UAE@XZ
__dllonexit
_onexit
__security_error_handler
_c_exit
_exit
_XcptFilter
_cexit
__p___initenv
_amsg_exit
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
?terminate@@YAXXZ
_controlfp
sscanf
_except_handler3
strcspn
sprintf
fclose
printf
_strtoui64
_strtoi64
strtol
??_U@YAPAXI@Z
localeconv
strtoul
fopen
_errno
strerror
??0bad_cast@@QAE@PBD@Z
??1bad_cast@@UAE@XZ
??0bad_cast@@QAE@ABV0@@Z
fprintf
free
??_V@YAXPAX@Z
memchr
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
??1exception@@UAE@XZ
_CxxThrowException
__CxxFrameHandler
??2@YAPAXI@Z
??3@YAXPAX@Z
memmove
_stat
memcpy
__crtLCMapStringA
__pctype_func
isupper
___lc_codepage_func
___lc_handle_func
_unlock
malloc
_lock
___setlc_active_func
___unguarded_readlc_active_add_func
islower
__uncaught_exception
exit
fflush

kernel32

GetTickCount
GetCurrentThreadId
InterlockedDecrement
InterlockedIncrement
GlobalMemoryStatus
WaitForMultipleObjects
DeviceIoControl
UnmapViewOfFile
VirtualUnlock
ReadFile
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
VirtualLock
LoadLibraryExA
MapViewOfFile
CreateFileMappingA
Sleep
GetSystemTimeAsFileTime
QueryPerformanceCounter
QueryPerformanceFrequency
GetModuleHandleA
SetConsoleCtrlHandler
GetCurrentProcessId
OpenProcess
SetPriorityClass
CreateEventA
SetEvent
WaitForSingleObject
GetCurrentThread
WideCharToMultiByte
CreateFileA
GetLogicalDrives
QueryDosDeviceA
GetFullPathNameA
GetLongPathNameA
GetModuleFileNameA
GetThreadLocale
CloseHandle
SetErrorMode
GetVersionExA
GetSystemInfo
GetLastError
GetCurrentProcess
GetProcAddress
FreeLibrary
GetSystemDirectoryA
LoadLibraryA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
ExitProcess

Sections

.text
Size: 88KB - Virtual size: 85KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5a0e7e185e3c9be88a57613880bff3f7

Headers

File Characteristics

PDB Paths

Imports

ws2_32

ole32

advapi32

msvcr71

kernel32

Sections

.text Size: 88KB - Virtual size: 85KB

.rdata Size: 44KB - Virtual size: 42KB

.data Size: 4KB - Virtual size: 3KB

.rsrc Size: 8KB - Virtual size: 5KB

.text
Size: 88KB - Virtual size: 85KB

.rdata
Size: 44KB - Virtual size: 42KB

.data
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 8KB - Virtual size: 5KB