37342ee03edadfd9ea2ff5c15dfd16fd_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

37342ee03edadfd9ea2ff5c15dfd16fd_JaffaCakes118
Size

51KB
MD5

37342ee03edadfd9ea2ff5c15dfd16fd
SHA1

77cd711a93fbb6ebe39c9ef79f6182434c749bf0
SHA256

c572dabc6c86f3c16e01f7e6c01bb64f210e2b0ce77e17e9f10d703826c843dc
SHA512

d34566b4fbdac782e96b194e9970ad7a0b6b1c3f0cdb031b5b54fb58f09239b58159b1e49e76f61ab00510ed203f19e8c640862f3a78df09975d4964e13832cb
SSDEEP

768:fs4QeR4L1yNvZQcTOa2nQmEVJ8YLkYmgAhsmJD1HeA7DBsn47V:fs4QmvZ9TOa2QL8Y3mTCkB7W47

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
37342ee03edadfd9ea2ff5c15dfd16fd_JaffaCakes118

Files

37342ee03edadfd9ea2ff5c15dfd16fd_JaffaCakes118
.exe windows:4 windows x86 arch:x86

75dd6c81cf18aaa176eb81db8f0b5f3a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentProcess
GetEnvironmentVariableA
GetShortPathNameA
CreateProcessA
CopyFileA
lstrcatA
GetWindowsDirectoryA
GetTimeZoneInformation
DeleteFileA
SetPriorityClass
lstrcpyA
LeaveCriticalSection
EnterCriticalSection
InterlockedIncrement
DeleteCriticalSection
InitializeCriticalSection
GetStartupInfoA
GetModuleHandleA
CloseHandle
GetCurrentThread
SetThreadPriority
SetProcessPriorityBoost
ExitProcess
GetModuleFileNameA
WinExec
CreateThread
Sleep
CreateMutexA
GetLastError
Process32First
CreateToolhelp32Snapshot
OpenProcess
GetCurrentProcessId
TerminateProcess
Process32Next
GetLocalTime
GetSystemTime
GetTempPathA
SystemTimeToFileTime

user32

DrawTextA
wsprintfA

gdi32

SetBkColor
CreateDCA
CreateCompatibleDC
CreateFontA
SelectObject
CreateDIBSection
SetPixel
StretchBlt
DeleteObject
DeleteDC
SetTextColor

advapi32

RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegCloseKey
GetCurrentHwProfileA

shell32

SHChangeNotify
ShellExecuteExA
StrStrIA

msvcp60

??Mstd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?find_first_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?find_last_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@IIABV?$allocator@D@1@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
?_Freeze@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ

ws2_32

shutdown
closesocket
WSACleanup
recv
ioctlsocket
send
WSAGetLastError
select
htons
WSAStartup
gethostname
gethostbyname
inet_addr
setsockopt
socket
connect

dnsapi

DnsRecordListFree
DnsQuery_A

msvcrt

malloc
_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_onexit
__dllonexit
free
atof
atol
_ftol
fopen
strlen
strcpy
memset
??2@YAPAXI@Z
sprintf
rand
srand
time
_snprintf
strcat
_itoa
strftime
localtime
memcpy
__CxxFrameHandler
atoi
strstr
fclose
fwrite

Sections

.text
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

75dd6c81cf18aaa176eb81db8f0b5f3a

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

msvcp60

ws2_32

dnsapi

msvcrt

Sections

.text Size: 50KB - Virtual size: 49KB

.text
Size: 50KB - Virtual size: 49KB