329e259156fbf6516d6f0619c0edf782_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

329e259156fbf6516d6f0619c0edf782_JaffaCakes118
Size

308KB
MD5

329e259156fbf6516d6f0619c0edf782
SHA1

e82949a9101bafded6547bab85987b34540a4cf9
SHA256

9dbfc88af7ac792fca56cbe89d04cb927e3d50cb02241f925891f2b8cd4cc0c5
SHA512

519cbe09fbfda6cb8615496e0d067811a24cf097e51ad6e0f2edeb2cdf89539396a14f756563190f6962f79d92cebf0db5cdd847721a75e720719c0f4e632399
SSDEEP

6144:BC0ZeCtAazCQfS1eJB3wrBB+ffhl/mgjp8e:TwUJtX3wrYh9j5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
329e259156fbf6516d6f0619c0edf782_JaffaCakes118

Files

329e259156fbf6516d6f0619c0edf782_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7b42dafa40b14811890c73b3709b1ab4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
__CxxFrameHandler
__getmainargs
_acmdln
_XcptFilter
_exit
_onexit
__dllonexit
??1type_info@@UAE@XZ
fgets
longjmp
_setjmp3
_ftime
_endthreadex
_beginthreadex
printf
sprintf
_errno
strerror
perror
_initterm
_isctype
_pctype
calloc
fprintf
_iob
fflush
sscanf
strrchr
fwrite
fseek
_stricmp
ftell
fread
fputc
wcscat
fopen
fclose
_ftol
rand
srand
free
malloc
strncat
exit
strncmp
_snprintf
atof
strchr
_vsnprintf
_CxxThrowException
??0exception@@QAE@ABV0@@Z
??2@YAPAXI@Z
strtok
strstr
strncpy
??3@YAXPAX@Z
system
atoi
_purecall
_memccpy
__mb_cur_max
_strdup
_strlwr

msvcp60

?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?find_last_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
??0out_of_range@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??1out_of_range@std@@UAE@XZ
??0out_of_range@std@@QAE@ABV01@@Z
??0logic_error@std@@QAE@ABV01@@Z

iphlpapi

GetTcpTable

kernel32

OpenProcess
GetStartupInfoA
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
TlsGetValue
SetLastError
TlsFree
TlsAlloc
GetExitCodeThread
ReleaseSemaphore
CreateSemaphoreA
GetCurrentProcessId
SetThreadPriority
GetProcessAffinityMask
TlsSetValue
FreeLibrary
WaitForMultipleObjects
CreateEventA
GetCurrentThreadId
DuplicateHandle
InterlockedIncrement
GetThreadPriority
SuspendThread
GetThreadContext
SetThreadContext
ResumeThread
SetEvent
WaitForSingleObject
ResetEvent
InterlockedDecrement
TerminateThread
DeleteCriticalSection
InitializeCriticalSection
CreateThread
EnterCriticalSection
LeaveCriticalSection
GetCurrentThread
GetCurrentProcess
TerminateProcess
FindResourceA
LoadResource
SizeofResource
LockResource
MultiByteToWideChar
GetLocalTime
GetLastError
GetTempPathA
WriteFile
LoadLibraryA
GetProcAddress
GetTickCount
DeleteFileA
GetSystemDirectoryA
CreateProcessA
ExpandEnvironmentStringsA
GetComputerNameA
GetVersionExA
GlobalMemoryStatus
GetStdHandle
AllocConsole
FreeConsole
Sleep
ExitThread
CloseHandle
ReadFile
SetFilePointer
GetFileSize
CreateFileA
FindClose
FindNextFileA
FindFirstFileA
GetModuleFileNameA
GetModuleHandleA
SetFileTime
GetFileTime
GetWindowsDirectoryA
CopyFileA

user32

ExitWindowsEx
wsprintfA

advapi32

OpenServiceA
RegQueryInfoKeyA
RegEnumKeyExA
EnumServicesStatusA
OpenThreadToken
AdjustTokenPrivileges
OpenProcessToken
LookupPrivilegeValueA
RegQueryValueExA
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerA
SetServiceStatus
StartServiceA
RegCloseKey
ControlService
DeleteService
OpenSCManagerA
CreateServiceA
CloseServiceHandle
ChangeServiceConfig2A
RegCreateKeyExA
GetUserNameA
RegOpenKeyExA
RegSetValueExA
RegDeleteValueA

shell32

ShellExecuteA

ws2_32

ntohs
getsockname
bind
htons
socket
connect
WSACleanup
WSAStartup
gethostname
WSAGetLastError
__WSAFDIsSet
listen
ioctlsocket
ntohl
recvfrom
sendto
setsockopt
WSASocketA
WSAIoctl
getservbyname
shutdown
WSASetLastError
inet_ntoa
htonl
select
accept
closesocket
send
recv
inet_addr
gethostbyaddr
getpeername
gethostbyname

mpr

WNetAddConnection2W
WNetCancelConnection2W

psapi

GetModuleBaseNameA
EnumProcessModules
EnumProcesses

dnsapi

DnsQuery_A

Sections

.text
Size: 240KB - Virtual size: 237KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 814KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 16KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

7b42dafa40b14811890c73b3709b1ab4

Headers

File Characteristics

Imports

msvcrt

msvcp60

iphlpapi

kernel32

user32

advapi32

shell32

ws2_32

mpr

psapi

dnsapi

Sections

.text Size: 240KB - Virtual size: 237KB

.rdata Size: 20KB - Virtual size: 17KB

.data Size: 20KB - Virtual size: 814KB

.idata Size: 8KB - Virtual size: 7KB

.reloc Size: 16KB - Virtual size: 40KB

.text
Size: 240KB - Virtual size: 237KB

.rdata
Size: 20KB - Virtual size: 17KB

.data
Size: 20KB - Virtual size: 814KB

.idata
Size: 8KB - Virtual size: 7KB

.reloc
Size: 16KB - Virtual size: 40KB