Static task: static1
Behavioral task: behavioral1
Sample: 3e5e81d022d5ab1cb9ce3e13bbef03fa_JaffaCakes118.exe
Resource: win7-20240705-en
Behavioral task: behavioral2
Sample: 3e5e81d022d5ab1cb9ce3e13bbef03fa_JaffaCakes118.exe
Resource: win10v2004-20240709-en
General
Target: 3e5e81d022d5ab1cb9ce3e13bbef03fa_JaffaCakes118
Size: 40KB
MD5: 3e5e81d022d5ab1cb9ce3e13bbef03fa
SHA1: b96adc8695f91bd0e954a510b53a81998601f72d
SHA256: 56cd15fd9b8732d11e3b7dc1bc92b46ccd83bb527617cd931072233c01046813
SHA512: aef45a47be74e1ea547e7f7e873a23461de26ac364ecc116d907aac2ca8418a53eb4392c0a1a2fd125022c61f4d5e42409543bcdcdcd67dcfaade12f2a1f6b43
SSDEEP: 768:pNs3FMSy2SOBpiyg4YAp/9DRmp04nYLKV8ODqrj0:pK1MNNO3iL4xKLBDqrj0
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 3e5e81d022d5ab1cb9ce3e13bbef03fa_JaffaCakes118
Files
3e5e81d022d5ab1cb9ce3e13bbef03fa_JaffaCakes118.exe windows:4 windows x86 arch:x86
e2635c217b992456f4001f9e3675ad3f
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
lstrcpyA
GetEnvironmentVariableA
GetShortPathNameA
ExitThread
ExitProcess
GetCurrentProcessId
GetTickCount
HeapAlloc
GetProcessHeap
CloseHandle
TerminateThread
SetFileTime
lstrcatA
GetFileTime
CreateFileA
GlobalFree
LockResource
GlobalAlloc
LoadResource
SizeofResource
FindResourceA
GetTempPathA
CreateThread
GetModuleHandleA
GetStartupInfoA
GetCurrentProcess
SetPriorityClass
GetCurrentThread
SetThreadPriority
CreateProcessA
ResumeThread
GetModuleFileNameA
CopyFileA
SetFileAttributesA
GetLastError
lstrlenA
LoadLibraryA
GetProcAddress
Sleep
GetVersionExA
GlobalMemoryStatus
WriteFile
GetSystemDirectoryA
user32
wsprintfA
ExitWindowsEx
advapi32
ControlService
AdjustTokenPrivileges
OpenProcessToken
DeleteService
RegisterServiceCtrlHandlerA
SetServiceStatus
OpenSCManagerA
CreateServiceA
OpenServiceA
StartServiceA
RegOpenKeyA
RegSetValueExA
CloseServiceHandle
RegCloseKey
RegOpenKeyExA
StartServiceCtrlDispatcherA
LookupPrivilegeValueA
mfc42
ord6663
ord800
ord924
ord537
ord6877
ord939
ord2818
ord4278
ord860
ord6648
ord858
ord535
ord540
ord2915
ord2764
ord2846
ord922
ord926
ord5710
ord4129
msvcrt
time
__CxxFrameHandler
srand
strncmp
_except_handler3
printf
fprintf
_iob
_local_unwind2
_mbscmp
strtok
strchr
__dllonexit
_onexit
_exit
_XcptFilter
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
rand
atoi
exit
strstr
urlmon
URLDownloadToFileA
msvcp60
??0Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
ws2_32
gethostbyname
closesocket
connect
htons
inet_addr
socket
send
WSAGetLastError
recv
__WSAFDIsSet
setsockopt
WSAStartup
sendto
WSASocketA
gethostname
WSACleanup
htonl
ntohl
inet_ntoa
Sections
.text Size: 20KB - Virtual size: 16KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 243KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ