212cd2c43e8a3f6aeaf01e15172efdb6_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

212cd2c43e8a3f6aeaf01e15172efdb6_JaffaCakes118
Size

27KB
MD5

212cd2c43e8a3f6aeaf01e15172efdb6
SHA1

b69bd3ab2553d8dfb3cc88a94b30354071c7b8dc
SHA256

188f040f4bf7bb91816bf78ce63673cb9be34c6eb764d9a6be44868147b1b5a1
SHA512

ec361a7c066b54f25a7e5e92d454c2739e1936d47e83d7afe6811c81b19b7e0908de7df995b3cd7844e831248be6aac47bdf236e3dc46f833354138016456b7d
SSDEEP

384:FMBa2onADM0R730hvZO9CbB/CBOV9cuoNVG2smhmQNYq6XVD9v1zEWi/WL3/A08:oNoncRdEbB/PbmHGGhmYLkVbo218

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
212cd2c43e8a3f6aeaf01e15172efdb6_JaffaCakes118

Files

212cd2c43e8a3f6aeaf01e15172efdb6_JaffaCakes118
.exe windows:4 windows x86 arch:x86

0bc820ad460d78575538df46e607db41

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

htonl
sendto
inet_addr
gethostbyname
setsockopt
WSASocketA
socket
htons
connect
send
select
__WSAFDIsSet
recv
closesocket
WSAIoctl
shutdown
WSAStartup

kernel32

FreeLibrary
GetProcAddress
LoadLibraryA
GetSystemDirectoryA
GetStartupInfoA
Sleep
GetTickCount
ResumeThread
CreateProcessW
SetThreadPriority
GetCurrentThread
SetPriorityClass
GetCurrentProcess
lstrcatW
GetEnvironmentVariableW
GetShortPathNameW
GetModuleFileNameW
CloseHandle
CreateProcessA
TerminateProcess
OpenProcess
Process32Next
Process32First
CreateToolhelp32Snapshot
DuplicateHandle
CreateFileA
ExitProcess
SetFileAttributesA
CopyFileA
lstrcmpiA
lstrcatA
GetModuleFileNameA
SetErrorMode
lstrlenA
GetLastError
WaitForSingleObject
CreateThread
CreateMutexA
DeleteFileA
InterlockedExchange
lstrcpyA
GlobalMemoryStatusEx
GetVersionExA
GetCurrentProcessId
GetModuleHandleA
VirtualAlloc
ReadProcessMemory
GetThreadContext
SetThreadContext
WriteProcessMemory
VirtualProtectEx
ReadFile
GetFileSize
VirtualFree
VirtualQueryEx

user32

wsprintfW
wsprintfA
ExitWindowsEx

advapi32

RegOpenKeyExA
RegQueryValueExA
DeleteService
OpenSCManagerA
CreateServiceA
OpenServiceA
StartServiceA
RegOpenKeyA
RegSetValueExA
RegCloseKey
CloseServiceHandle
RegisterServiceCtrlHandlerA
SetServiceStatus
StartServiceCtrlDispatcherA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges

msvcrt

??3@YAXPAX@Z
sprintf
_ui64toa
strstr
memmove
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
_strlwr
_strnicmp
rand
srand
strncpy
??2@YAPAXI@Z
__CxxFrameHandler
_except_handler3
atoi
strcspn

shell32

ShellExecuteA

Sections

.text
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 536B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0bc820ad460d78575538df46e607db41

Headers

File Characteristics

Imports

ws2_32

kernel32

user32

advapi32

msvcrt

shell32

Sections

.text Size: 14KB - Virtual size: 14KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 2KB

.rsrc Size: 1KB - Virtual size: 1KB

.vmp0 Size: 4KB - Virtual size: 3KB

.reloc Size: 1024B - Virtual size: 536B

.text
Size: 14KB - Virtual size: 14KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 1KB - Virtual size: 1KB

.vmp0
Size: 4KB - Virtual size: 3KB

.reloc
Size: 1024B - Virtual size: 536B