4011efce49bb688994ad147628c968a0_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

4011efce49bb688994ad147628c968a0_JaffaCakes118
Size

142KB
MD5

4011efce49bb688994ad147628c968a0
SHA1

ca3fae989a9ff9f0735167c7c568d62c3a6475de
SHA256

7f380306bb61faba56f60688e44a5780987588b24a43abc257ff9c5f8e758d1e
SHA512

12e800e37174838bfe408d4700439102beab9aca550b730d0eaa95c503d34757415db143f4153a0effd0b0ebb21d08fa2dfa4d3550d44192278a4565d219b078
SSDEEP

1536:Ma3ZwJhtIvedMWZGe0r8vnb0HgF9ry64EYQE9VuUkmaKdZ3d9QMUhQ+enRdFKdV:Mi2GWEMnb/kQ1KT3cMGhenRdFKd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4011efce49bb688994ad147628c968a0_JaffaCakes118

Files

4011efce49bb688994ad147628c968a0_JaffaCakes118
.exe windows:6 windows x86 arch:x86

e854c812bdb184ee38bedb72d40d3810

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\HIPS\HIPSEngine12\private\firewall\Bin\Release\FwHelper\UmxFwHlp.pdb

Imports

ws2_32

htonl
closesocket
WSAGetLastError
recv
send
ioctlsocket
accept
getsockopt
WSAStartup
socket
WSACleanup
__WSAFDIsSet
htons
bind
listen
select

kernel32

GetConsoleMode
GetConsoleCP
SetFilePointer
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetLastError
FlushInstructionCache
GetCurrentProcess
CloseHandle
lstrlenA
DeviceIoControl
SetEvent
GetCurrentThreadId
OpenProcess
SetLastError
FreeLibrary
SizeofResource
LoadResource
GetSystemTimeAsFileTime
Sleep
WaitForMultipleObjects
WaitForSingleObject
LockResource
CreateThread
InterlockedIncrement
InterlockedDecrement
GetCommandLineW
ReleaseMutex
LCMapStringA
WriteFile
ReadFile
GetVersion
CompareStringA
GetModuleHandleA
GetModuleFileNameA
GetWindowsDirectoryA
GetSystemDirectoryA
LoadLibraryA
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
InterlockedCompareExchange
HeapFree
GetProcessHeap
HeapAlloc
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStartupInfoA
GetStringTypeA
FlushFileBuffers
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
CreateFileA
GetTickCount
GetOEMCP
HeapSize
GetCurrentProcessId
QueryPerformanceCounter
HeapCreate
HeapDestroy
GetFileType
SetHandleCount
GetCommandLineA
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStdHandle
ExitProcess
IsDebuggerPresent
RtlUnwind
HeapReAlloc
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter

user32

GetActiveWindow
GetDlgItem
EndDialog
UnregisterClassA

advapi32

RegisterServiceCtrlHandlerW
ControlService
DeleteService
CreateServiceW
RegCloseKey
RegisterEventSourceW
ReportEventW
DeregisterEventSource
OpenSCManagerW
OpenServiceW
CloseServiceHandle
SetServiceStatus
StartServiceCtrlDispatcherW

ole32

CoTaskMemRealloc
CoUninitialize
CoInitialize
CoTaskMemFree
StringFromGUID2
CoCreateInstance
CoTaskMemAlloc

oleaut32

VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SysAllocString
SysFreeString
SysStringLen

Sections

.text
Size: 96KB - Virtual size: 94KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e854c812bdb184ee38bedb72d40d3810

Headers

File Characteristics

PDB Paths

Imports

ws2_32

kernel32

user32

advapi32

ole32

oleaut32

Sections

.text Size: 96KB - Virtual size: 94KB

.rdata Size: 20KB - Virtual size: 19KB

.data Size: 8KB - Virtual size: 15KB

.rsrc Size: 12KB - Virtual size: 8KB

.text
Size: 96KB - Virtual size: 94KB

.rdata
Size: 20KB - Virtual size: 19KB

.data
Size: 8KB - Virtual size: 15KB

.rsrc
Size: 12KB - Virtual size: 8KB