26087e776dfebb997068891030a37e66_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

26087e776dfebb997068891030a37e66_JaffaCakes118
Size

221KB
MD5

26087e776dfebb997068891030a37e66
SHA1

c6484153ebc4e26c68b84d2724628ec3baba72f0
SHA256

6a156388360e9534dd3dac6e94860461ba54697d823a78eccbf9506d4e1da462
SHA512

1225d9997f4eb3ff33a0c6f95b9b124e57f79dbaccc9e8da6908a0985ed221f92222ad0847823a4d9b9cbbb4e687a6a253b3bca9bb8dff01636696327ecb579d
SSDEEP

6144:L+Y3Tor0/oFc8DTpu6PUv3LITR3FVH2VKNyY:L+qoi8DTkHv3M5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
26087e776dfebb997068891030a37e66_JaffaCakes118

Files

26087e776dfebb997068891030a37e66_JaffaCakes118
.exe windows:4 windows x86 arch:x86

67c9189ede982ab5be3725e48ac55b57

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\BUILD_~1\jdk6_11\control\build\WINDOW~1\tmp\deploy\javaws\bin\javaws.pdb

Imports

kernel32

WideCharToMultiByte
GlobalAlloc
MultiByteToWideChar
ReadFile
CloseHandle
WaitForSingleObject
CreateProcessA
SetHandleInformation
CreatePipe
CreateDirectoryA
GetWindowsDirectoryA
FindClose
FindFirstFileA
GetModuleHandleA
InterlockedExchange
GetACP
GetLocaleInfoA
GetVersionExA
GetThreadLocale
DeleteCriticalSection
GetLongPathNameA
GetShortPathNameA
GetLastError
CreateFileA
lstrlenW
SetEnvironmentVariableW
GetCurrentDirectoryA
GetFullPathNameA
GetDriveTypeA
FileTimeToLocalFileTime
FileTimeToSystemTime
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetTimeZoneInformation
GetModuleFileNameA
GetTickCount
LoadLibraryA
GetProcAddress
InitializeCriticalSection
FreeLibrary
LCMapStringW
LCMapStringA
FlushFileBuffers
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetSystemInfo
VirtualProtect
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
HeapFree
HeapAlloc
ExitProcess
TerminateProcess
GetCurrentProcess
DeleteFileA
EnterCriticalSection
LeaveCriticalSection
GetFileType
GetStartupInfoA
GetCommandLineA
TlsAlloc
SetLastError
GetCurrentThreadId
TlsFree
TlsSetValue
TlsGetValue
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
GetStringTypeA
GetStringTypeW
WriteFile
SetStdHandle
SetHandleCount
GetStdHandle
GetFileAttributesA
SetEndOfFile
SetFilePointer
RtlUnwind
VirtualQuery
GetOEMCP
GetCPInfo
HeapSize
GetExitCodeProcess

user32

DispatchMessageA
TranslateMessage
GetMessageA
SetTimer
CreateWindowExA
RegisterClassA
LoadCursorA
wsprintfA
MessageBoxA
DefWindowProcA

advapi32

RegCloseKey
RegEnumKeyExA
RegOpenKeyExA
RegQueryValueExA
RegEnumKeyA

ole32

StringFromCLSID
CoTaskMemFree

wsock32

ntohs
listen
recv
getsockname
bind
socket
ioctlsocket
htons
connect
send
WSAGetLastError
WSAStartup
closesocket
WSAAsyncSelect
accept

Sections

.text
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 16KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.srdata
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

67c9189ede982ab5be3725e48ac55b57

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

ole32

wsock32

Sections

.text Size: 76KB - Virtual size: 75KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 16KB - Virtual size: 60KB

.rsrc Size: 32KB - Virtual size: 31KB

.srdata Size: 76KB - Virtual size: 76KB

.text
Size: 76KB - Virtual size: 75KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 16KB - Virtual size: 60KB

.rsrc
Size: 32KB - Virtual size: 31KB

.srdata
Size: 76KB - Virtual size: 76KB