0e47cf436308ff06eef6e813e9ac8958_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0e47cf436308ff06eef6e813e9ac8958_JaffaCakes118
Size

44KB
MD5

0e47cf436308ff06eef6e813e9ac8958
SHA1

454df0987732b50b6c2c62e74f332101103b804e
SHA256

4cd59d0a82bd263e41c12364d4d8ebe3d4cae7a93872d45d742c7f43e4a7af80
SHA512

e5759ff6a78b14d7ee929ed06c6b1d24dd1640f55c1f7cd9f22602e8cbdafa310ae9276b9ad5c0413cc8c1e45a2f230adfe287e38eeaac728d73560280fa12eb
SSDEEP

768:zqprwBwIV0B+b91MxyFw+t5t+xZBxR7SAo:FwIRLjFClo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0e47cf436308ff06eef6e813e9ac8958_JaffaCakes118

Files

0e47cf436308ff06eef6e813e9ac8958_JaffaCakes118
.exe windows:4 windows x86 arch:x86

cf85fcbddc3940ee9a7843ca629bde6f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

WSAStartup
WSACleanup
shutdown
accept
inet_ntoa
gethostname
sendto
socket
inet_addr
gethostbyname
setsockopt
bind
listen
WSAAsyncSelect
recvfrom
send
recv
htons
connect
WSAGetLastError
closesocket

mfc42

ord800
ord825
ord5600
ord518
ord4168
ord785
ord501
ord1083
ord5621
ord773
ord823
ord5607
ord540
ord860

msvcrt

__dllonexit
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
__getmainargs
_XcptFilter
_exit
_onexit
_initterm
?terminate@@YAXXZ
_except_handler3
sprintf
_stricmp
exit
atoi
printf
strncpy
malloc
free
__CxxFrameHandler
__p___initenv

kernel32

GetModuleFileNameA
SetEvent
CreateEventA
WaitForSingleObject
GetQueuedCompletionStatus
GetOverlappedResult
FormatMessageA
LocalFree
SetConsoleCtrlHandler
GetTickCount
ReadFile
lstrlenA
Sleep
GetLastError
GetModuleHandleA
GetProcAddress
CreateIoCompletionPort
GlobalAlloc
CreateThread
TerminateProcess
PeekNamedPipe
GlobalFree
GetCurrentProcess
CreatePipe
WriteFile
CloseHandle
DuplicateHandle

user32

PostMessageA
DestroyWindow
wsprintfA
GetDesktopWindow
CreateWindowExA
PeekMessageA

advapi32

RegQueryValueExA
SetServiceStatus
RegisterServiceCtrlHandlerA
StartServiceCtrlDispatcherA
RegSetValueExA
RegOpenKeyExA
CreateServiceA
RegCloseKey
CloseServiceHandle
DeleteService
ControlService
QueryServiceStatus
OpenServiceA
OpenSCManagerA

Sections

.text
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hesha
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

cf85fcbddc3940ee9a7843ca629bde6f

Headers

File Characteristics

Imports

ws2_32

mfc42

msvcrt

kernel32

user32

advapi32

Sections

.text Size: 24KB - Virtual size: 21KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 4KB - Virtual size: 9KB

.rsrc Size: 4KB - Virtual size: 2KB

.hesha Size: 4KB - Virtual size: 4KB

.text
Size: 24KB - Virtual size: 21KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 9KB

.rsrc
Size: 4KB - Virtual size: 2KB

.hesha
Size: 4KB - Virtual size: 4KB