369c3dba561c9d4cdae81b95c7d7942c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

369c3dba561c9d4cdae81b95c7d7942c_JaffaCakes118
Size

272KB
MD5

369c3dba561c9d4cdae81b95c7d7942c
SHA1

6c46bee22e59d3b94dacff154b77dd061dd98873
SHA256

333cdd15343f365df64a812509dc0ddbc7082b872d708ade4dc809693bb81665
SHA512

6dff80aafb861ccc0a398aaf3bb9b4863667958995e04b83cfa8a7039e15b6b1a14aa786ed192b960b88956a0fbf5134457f30126bc056785f9d1c0bb1c6bf4f
SSDEEP

6144:GPKCDgZO0fbZkSZHNHVVrTzPP55pWxxSz+V86lxo6SsQLH5Ab:g0PfbXNVV3zPP5NzY8SxpSsPb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
369c3dba561c9d4cdae81b95c7d7942c_JaffaCakes118

Files

369c3dba561c9d4cdae81b95c7d7942c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

c1bda5bc05f8f8101077051301d7c799

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFilePointer
FindFirstFileA
ReadFile
CreateFileA
FindClose
GetFullPathNameA
GetDriveTypeA
GetVersionExA
GetCurrentThread
GetCurrentProcess
GetComputerNameA
OpenProcess
GetLastError
WriteFile
FlushFileBuffers
CloseHandle
InitializeCriticalSection
LoadLibraryA
EnterCriticalSection
DeleteCriticalSection
GetProcAddress
LeaveCriticalSection

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
OpenThreadToken
OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
GetUserNameA
EqualSid
FreeSid

mpr

WNetEnumResourceA
WNetGetUniversalNameA
WNetOpenEnumA
WNetCloseEnum

fbclient

ord75
ord139
ord176
ord156
ord166
ord117
ord162
ord3
ord122
ord42
ord248
ord250
ord249
ord125
ord142
ord44
ord231
ord55
ord11
ord9
ord66
ord13
ord72
ord74
ord69
ord62
ord82
ord43
ord101
ord100
ord49
ord85
ord14
ord58
ord83
ord18
ord48
ord1
ord39
ord37
ord8
ord65
ord67
ord53
ord15
ord138
ord145
ord10
ord113
ord51
ord103
ord169
ord115
ord128
ord2
ord168
ord17
ord24
ord56
ord116
ord129

msvcp60

??0bad_alloc@std@@QAE@PBD@Z
??1bad_alloc@std@@UAE@XZ
??0bad_alloc@std@@QAE@ABV01@@Z
?_Xran@std@@YAXXZ
?_Xlen@std@@YAXXZ

msvcrt

fclose
fputs
system
_stat
_strnicmp
_stricmp
_fileno
_isatty
strncpy
_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
__p___initenv
_XcptFilter
_exit
??1type_info@@UAE@XZ
free
malloc
??1exception@@UAE@XZ
??0exception@@QAE@XZ
??0exception@@QAE@ABV0@@Z
vsprintf
fgetc
fputc
memchr
toupper
isalpha
memmove
_fullpath
strchr
strpbrk
_mktemp
_pclose
_ftol
getenv
localtime
rewind
puts
_errno
putc
getc
fseek
_CxxThrowException
fopen
_iob
signal
__CxxFrameHandler
printf
strncmp
putchar
sprintf
time
_popen
_unlink
exit
fprintf
atoi

Sections

.text
Size: 176KB - Virtual size: 175KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c1bda5bc05f8f8101077051301d7c799

Headers

File Characteristics

Imports

kernel32

advapi32

mpr

fbclient

msvcp60

msvcrt

Sections

.text Size: 176KB - Virtual size: 175KB

.rdata Size: 28KB - Virtual size: 25KB

.data Size: 20KB - Virtual size: 20KB

.rsrc Size: 44KB - Virtual size: 41KB

.text
Size: 176KB - Virtual size: 175KB

.rdata
Size: 28KB - Virtual size: 25KB

.data
Size: 20KB - Virtual size: 20KB

.rsrc
Size: 44KB - Virtual size: 41KB