35cc4febcf5ff8eae687d63ce5ba8c9b_JaffaCakes118

General

Target

35cc4febcf5ff8eae687d63ce5ba8c9b_JaffaCakes118
Size

120KB
MD5

35cc4febcf5ff8eae687d63ce5ba8c9b
SHA1

25d15c187789dc23281727d132dbdb868319d7f3
SHA256

7c3e28359ad31681ece59f60bf9be28ab4a958cf0dfcd417bb9134f6f7cc8b09
SHA512

fdd1bd58a007abfc9b421f6d4c3a93044a347872ba08af0445bd53328a2b5077d8444ac6400f141067f447e597817bd6074ea2055704a7039907d58515913364
SSDEEP

3072:XMHYKP+2GASp+6INLOkeAjd0HKMnuII0mXf9:8th/5WvuO6f9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
35cc4febcf5ff8eae687d63ce5ba8c9b_JaffaCakes118

Files

35cc4febcf5ff8eae687d63ce5ba8c9b_JaffaCakes118
.exe windows:4 windows x86 arch:x86

65aee6e318434df9b5a6d5821e1af23c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord800
ord2763
ord926
ord858
ord939
ord941
ord4277
ord4202
ord4129
ord2764
ord537
ord2915
ord860
ord1158
ord5683
ord5710
ord825
ord6648
ord6283
ord6282
ord2818
ord2614
ord940
ord535
ord924
ord540

msvcrt

_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
_acmdln
_XcptFilter
_exit
?terminate@@YAXXZ
_except_handler3
malloc
exit
strncmp
strncpy
strchr
strstr
sprintf
rand
time
srand
__CxxFrameHandler
_mbscmp
atoi
__getmainargs

kernel32

GetSystemDirectoryA
Sleep
CreateThread
lstrlenA
ResumeThread
CreateProcessA
SetThreadPriority
GetCurrentThread
SetPriorityClass
GetCurrentProcess
lstrcatA
GetEnvironmentVariableA
GetShortPathNameA
GetLastError
CopyFileA
GetModuleFileNameA
GetModuleHandleA
GetStartupInfoA
WinExec

user32

wsprintfA

advapi32

StartServiceCtrlDispatcherA
RegOpenKeyExA
DeleteService
OpenServiceA
OpenSCManagerA
SetServiceStatus
RegisterServiceCtrlHandlerA
RegCloseKey
CloseServiceHandle
RegSetValueExA
RegOpenKeyA
StartServiceA
CreateServiceA

ws2_32

recv
send
gethostbyname
inet_addr
socket
WSAStartup
closesocket
setsockopt
connect
htons

urlmon

URLDownloadToFileA

winmm

timeGetTime

Sections

.text
Size: 110KB - Virtual size: 109KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

65aee6e318434df9b5a6d5821e1af23c

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

advapi32

ws2_32

urlmon

winmm

Sections

.text Size: 110KB - Virtual size: 109KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 5KB - Virtual size: 4KB

.text
Size: 110KB - Virtual size: 109KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 5KB - Virtual size: 4KB