3459c0539b1e3cf3f8f367db54d35108_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3459c0539b1e3cf3f8f367db54d35108_JaffaCakes118
Size

81KB
MD5

3459c0539b1e3cf3f8f367db54d35108
SHA1

0dd8ddbc65d6ae24597e779fa68706d46b3671cb
SHA256

0dfb2b6ebcef3b1628e114832bb3a134fb406bbb345f32c2d602426356eec4ec
SHA512

d9fb0700dbc33f4d10d890a6ad7efd1106d23d8008e67db6ab00e05bf385cc3b21738d808841fa0948d43fa83800251cffa55b2349a9c924f26f7a6a6ef8a290
SSDEEP

1536:qCGQNWCnscHY7/JF2kEdXHDLhpl8Xi4gIaipysLaSyLA2:qcS2HdXnl54PAFA2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3459c0539b1e3cf3f8f367db54d35108_JaffaCakes118

Files

3459c0539b1e3cf3f8f367db54d35108_JaffaCakes118
.exe windows:4 windows x86 arch:x86

12557bf2ee15f8073371b25bc488d679

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrlenA
lstrcpyA
ReleaseMutex
GetDriveTypeA
GetLogicalDriveStringsA
lstrcpynA
VirtualFreeEx
GetExitCodeThread
WriteProcessMemory
VirtualAllocEx
OpenProcess
GetCurrentProcess
GetCurrentDirectoryA
GetCurrentThreadId
GetLastError
LoadLibraryA
GetProcAddress
ReadProcessMemory
GetModuleHandleA
GetStartupInfoA
IsBadReadPtr

msvcp60

?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHABV12@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHIIPBDI@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?_Freeze@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

msvcrt

__CxxFrameHandler
_EH_prolog
??2@YAPAXI@Z
strchr
memcpy
calloc
fclose
fprintf
fopen
strcmp
fgets
sprintf
fwrite
_vsnprintf
atoi
free
__dllonexit
_onexit
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
strcat
srand
rand
strncpy
memset
_snprintf
strlen
malloc
strcpy
printf
strstr

ws2_32

gethostbyname
WSACleanup
inet_addr
WSAStartup
inet_ntoa
gethostbyaddr

user32

SetRect
EnumChildWindows
GetWindowThreadProcessId
IsWindow
ShowWindow
GetWindowTextLengthA
GetParent
SendMessageA
MessageBoxA
GetClassNameA
SetCursorPos
ClipCursor
IsWindowVisible

advapi32

RegOpenKeyA
OpenSCManagerA
CreateServiceA
OpenServiceA
StartServiceA
ControlService
CloseServiceHandle
DeleteService

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA

wininet

DeleteUrlCacheEntry

Sections

.text
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 30KB - Virtual size: 241KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

12557bf2ee15f8073371b25bc488d679

Headers

File Characteristics

Imports

kernel32

msvcp60

msvcrt

ws2_32

user32

advapi32

shell32

wininet

Sections

.text Size: 43KB - Virtual size: 43KB

.rdata Size: 6KB - Virtual size: 5KB

.data Size: 30KB - Virtual size: 241KB

.text
Size: 43KB - Virtual size: 43KB

.rdata
Size: 6KB - Virtual size: 5KB

.data
Size: 30KB - Virtual size: 241KB