21029150ccea1f5a3f86d97ee5c3285e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

21029150ccea1f5a3f86d97ee5c3285e_JaffaCakes118
Size

25KB
MD5

21029150ccea1f5a3f86d97ee5c3285e
SHA1

cb0fb3e4ae105cfea5e94c02fd95ddaf1b693ca8
SHA256

65682089ae6d3fd676a65bc62c78195ec118adb676fe9cfabe40e00e7398a2d8
SHA512

ed631bce3cef88f5269e5cc9e1559aea11da4400b5ec850cb6c9de72d1cf8c0814cdfae9450946cbfdf38468e3c8df956344c9d00d03c562d7577afbff87b582
SSDEEP

384:eGLASO8MC2NwKqmOHTWCc7g7W648EPOs6fXMJpKZvQpzpFggJAXeUB9:NA9lwdm3BUW6rEPOxkpKZYpzYB9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
21029150ccea1f5a3f86d97ee5c3285e_JaffaCakes118

Files

21029150ccea1f5a3f86d97ee5c3285e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

707995005f5fccfb65efc7d8a333ca10

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

dhcpcsvc

McastApiStartup

ddraw

DDInternalLock
ReleaseDDThreadLock
CompleteCreateSysmemSurface
AcquireDDThreadLock
DDInternalUnlock
D3DParseUnknownCommand

ws2_32

WSAGetLastError

ntdll

NtCreateKey

user32

IsRectEmpty
IntersectRect

msvcrt

_onexit
fseek
fflush
_CIsqrt
_adjust_fdiv
_purecall
sprintf
_except_handler3
_initterm
free
__CxxFrameHandler
_CxxThrowException
_CIexp
ftell
fopen
exp
__dllonexit
fwrite
malloc
fclose
_CIpow

advapi32

RegSetValueExA
RegQueryValueExA
RegCloseKey
RegCreateKeyA
RegOpenKeyExA
RegOpenKeyA

kernel32

LocalReAlloc
QueryPerformanceCounter
GetProcAddress
UnhandledExceptionFilter
FreeLibrary
SetUnhandledExceptionFilter
Sleep
VirtualFree
IsBadReadPtr
LocalFree
VirtualAlloc
LoadLibraryA
GetSystemInfo
LocalAlloc
TerminateProcess
GetTickCount
GetCurrentProcessId
GetCurrentProcess
GetVersionExA
GetCurrentThreadId
GetSystemTimeAsFileTime
DisableThreadLibraryCalls
IsBadCodePtr
GetModuleHandleA
GetModuleFileNameA

Sections

.textbss
Size: - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 512B - Virtual size: 440B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 216B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

707995005f5fccfb65efc7d8a333ca10

Headers

File Characteristics

Imports

dhcpcsvc

ddraw

ws2_32

ntdll

user32

msvcrt

advapi32

kernel32

Sections

.textbss Size: - Virtual size: 96KB

.text Size: 512B - Virtual size: 440B

.idata Size: 22KB - Virtual size: 22KB

.rdata Size: 512B - Virtual size: 32B

.data Size: 512B - Virtual size: 216B

.textbss
Size: - Virtual size: 96KB

.text
Size: 512B - Virtual size: 440B

.idata
Size: 22KB - Virtual size: 22KB

.rdata
Size: 512B - Virtual size: 32B

.data
Size: 512B - Virtual size: 216B