196a42f987c572938c1ce70d9614e24f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

196a42f987c572938c1ce70d9614e24f_JaffaCakes118
Size

45KB
MD5

196a42f987c572938c1ce70d9614e24f
SHA1

7afe20c7344bea4dac712a61b68cd278127334ef
SHA256

ff791b4808c0019a0cd843284c8b288c848163fe727f30e8a760461d9f7a7d1c
SHA512

05bc8ae8dde4ece98d79b842731651fa7da984dc87ca964578b32d66fd4a7755255b887c49b7a4fd3eef7ede905379f42a0c5dc3f3efadbf99b02fc1fda5eded
SSDEEP

768:DbDsHYra2mXAmy9P+8NVzSB++97PpYSWJiJYq:DnsTXQHPNNVWB++97PuiJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
196a42f987c572938c1ce70d9614e24f_JaffaCakes118

Files

196a42f987c572938c1ce70d9614e24f_JaffaCakes118
.exe windows:4 windows x86 arch:x86

28311d9764d4b3c8d1ca4f08987bd805

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

atoi
strcpy
??1type_info@@UAE@XZ
??3@YAXPAX@Z
_CxxThrowException
strcmp
sprintf
strstr
strcat
memcpy
rand
_snprintf
strlen
strncpy
memmove
strncmp
strchr
_onexit
__dllonexit
_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
fopen
fprintf
fclose
malloc
_ftol
getchar
strncat
toupper
srand
strtok
memset

ws2_32

inet_addr
gethostbyname
ioctlsocket
closesocket
getsockname
sendto
WSACleanup
recv
select
send
htons
socket
connect
WSAStartup

urlmon

URLDownloadToFileA

kernel32

ExitThread
lstrlenW
GetStartupInfoA
GetLogicalDriveStringsA
GetDriveTypeA
lstrcatA
CreateDirectoryA
CreateFileA
WriteFile
lstrlenA
WaitForSingleObject
TerminateThread
GetCurrentThread
GetVersionExA
GetProcAddress
GetCurrentProcess
SetErrorMode
CreateMutexA
GlobalAlloc
GlobalLock
GlobalUnlock
GetTickCount
GetTempPathA
GetLocaleInfoA
ExitProcess
CreateThread
GetWindowsDirectoryA
lstrcmpiA
GetFileAttributesA
CopyFileA
GetLastError
LocalFree
ExpandEnvironmentStringsA
CreateProcessA
VirtualAlloc
VirtualAllocEx
WriteProcessMemory
CreateRemoteThread
GetModuleHandleA
GetModuleFileNameA
Process32First
Process32Next
CreateToolhelp32Snapshot
Module32First
CloseHandle
ReadProcessMemory
OpenProcess
Module32Next
DeleteFileA
Sleep
TerminateProcess
SetFileAttributesA

shell32

ShellExecuteA

advapi32

EqualSid
RegSetValueExA
OpenThreadToken
OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
RegCloseKey
FreeSid
RegOpenKeyExA
RegQueryValueExA
RegDeleteValueA
RegCreateKeyExA

user32

MessageBoxA
BlockInput
SetForegroundWindow
wsprintfA
GetWindowThreadProcessId
FindWindowA
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
VkKeyScanA
keybd_event
ShowWindow
SetFocus

ole32

CoInitialize
CoCreateInstance
CoUninitialize

oleaut32

SetErrorInfo
SysAllocString
CreateErrorInfo
VariantChangeType
VariantInit
GetErrorInfo
VariantClear

Sections

.text
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

28311d9764d4b3c8d1ca4f08987bd805

Headers

File Characteristics

Imports

msvcrt

ws2_32

urlmon

kernel32

shell32

advapi32

user32

ole32

oleaut32

Sections

.text Size: 29KB - Virtual size: 28KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 6KB - Virtual size: 13KB

.idata Size: 5KB - Virtual size: 4KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 29KB - Virtual size: 28KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 6KB - Virtual size: 13KB

.idata
Size: 5KB - Virtual size: 4KB

.reloc
Size: 2KB - Virtual size: 2KB