2dd3658e06e8578e9e385ecacfa6103b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2dd3658e06e8578e9e385ecacfa6103b_JaffaCakes118
Size

200KB
MD5

2dd3658e06e8578e9e385ecacfa6103b
SHA1

873935aa46e72f561ff03b19ed752eab5d992bc7
SHA256

f8ee9b0ae0744ae0d88c9148ea8555566e25d31922261e2d674689edf7a3119f
SHA512

60355812ee9844a01aba7507726cbce96a86e2db96262f17bd5e48848c71476e342a3c777bacffc6754da590eb2b8f4c059f98d9df7cff0f7f14664ffcfd389c
SSDEEP

3072:XmjWkdhyIygJnyRdU2NMWG16YNm2pc1eDzGFawF94APyP2l2ipmIrK1T:XUdE0yk2xa1gR1eDzgaXOl2AfrK1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2dd3658e06e8578e9e385ecacfa6103b_JaffaCakes118

Files

2dd3658e06e8578e9e385ecacfa6103b_JaffaCakes118
.exe windows:4 windows x86 arch:x86

e12a2cfb96c14b469f0f24c2b44659cf

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FormatMessageA
CreateMutexA
GetTimeFormatA
GetModuleFileNameA
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
SetErrorMode
LocalFree
CreateProcessA
ReleaseMutex
OpenProcess
GetExitCodeProcess
lstrcpyA
GetVersionExA
SetEvent
CreateEventA
WaitForSingleObject
GetLastError
GetDateFormatA
Sleep
EnterCriticalSection
GetStartupInfoA
GetModuleHandleA
FindNextFileA
FindClose
FindFirstFileA
InitializeCriticalSection
LoadLibraryA
GetProcAddress
CloseHandle
LeaveCriticalSection
DeleteCriticalSection

user32

GetDlgItem
WinHelpA
CreateWindowExA
SetDlgItemTextA
SetDlgItemInt
SetClassLongA
UpdateWindow
SendMessageA
DestroyWindow
GetCursorPos
RegisterClassA
CreatePopupMenu
LoadCursorA
LoadIconA
MessageBoxA
LoadStringA
FindWindowA
SetFocus
PostMessageA
TrackPopupMenu
SetForegroundWindow
SetMenuDefaultItem
GetSystemMenu
DestroyIcon
LoadImageA
TranslateMessage
DispatchMessageA
GetMessageA
SetWindowLongA
GetWindowLongA
ShowWindow
DefWindowProcA
PostQuitMessage
DeleteMenu
AppendMenuA
DestroyMenu

gdi32

GetStockObject

shell32

Shell_NotifyIconA

comctl32

PropertySheetA

advapi32

ReportEventA
RegisterServiceCtrlHandlerA
DeregisterEventSource
RegOpenKeyExA
CloseServiceHandle
QueryServiceStatus
ControlService
OpenServiceA
OpenSCManagerA
RegCloseKey
RegQueryValueExA
RegisterEventSourceA
SetServiceStatus
StartServiceCtrlDispatcherA
StartServiceA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

fbclient

ord79
ord42
ord51

msvcp60

??0bad_alloc@std@@QAE@PBD@Z
??1bad_alloc@std@@UAE@XZ
??0bad_alloc@std@@QAE@ABV01@@Z
?_Xran@std@@YAXXZ
?_Xlen@std@@YAXXZ

msvcrt

malloc
memmove
sprintf
__p__fmode
??1type_info@@UAE@XZ
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
_XcptFilter
_exit
_access
_purecall
fopen
exit
fread
fseek
fclose
_stricmp
_controlfp
time
_onexit
__dllonexit
_except_handler3
__set_app_type
memchr
getenv
fprintf
??0exception@@QAE@ABV0@@Z
_CxxThrowException
atoi
__p__commode
__CxxFrameHandler
_beginthread
free
strrchr
strncpy
localtime

Sections

.text
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 144KB - Virtual size: 142KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e12a2cfb96c14b469f0f24c2b44659cf

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comctl32

advapi32

version

fbclient

msvcp60

msvcrt

Sections

.text Size: 40KB - Virtual size: 39KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 144KB - Virtual size: 142KB

.text
Size: 40KB - Virtual size: 39KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 144KB - Virtual size: 142KB