4090f1c6580bf1cbcfaa0552d0a59e62_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4090f1c6580bf1cbcfaa0552d0a59e62_JaffaCakes118
Size

244KB
MD5

4090f1c6580bf1cbcfaa0552d0a59e62
SHA1

50139bb1a514da6d74bebbcb856880d05d5e08e3
SHA256

27f56217e89e44004d8b60d0ab877c2fcc5734ba676a66e4955579e4421192cb
SHA512

55f4d9ef44b3565fc8766a9b8bb07e6d186486bd64b123166ea31bed9183e43b1af5528893ceaf619c6034276306d418422787b2c0654ddfdef584a3790f4fd9
SSDEEP

6144:PEg5EYmEHhg8FZQo9tgyXrf6JB/MnCgvWQmJQ:Prughg8XQ82QLaE/vFmu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4090f1c6580bf1cbcfaa0552d0a59e62_JaffaCakes118

Files

4090f1c6580bf1cbcfaa0552d0a59e62_JaffaCakes118
.exe windows:4 windows x86 arch:x86

d02a683a58d24f4e4d0e1c96ec610b17

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

WSACleanup
socket
htons
ioctlsocket
connect
closesocket
send
recv
gethostbyname
WSAStartup

user32

GetMessageA
TranslateMessage
DispatchMessageA
wsprintfA
ShowWindow
CreateWindowExA
GetWindow
GetWindowTextLengthA
GetWindowTextA
SetTimer
DefWindowProcA
RegisterClassA
DestroyWindow
GetAsyncKeyState
KillTimer
FindWindowA
PostQuitMessage

advapi32

RegQueryValueExA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
GetUserNameA
StartServiceCtrlDispatcherA
RegOpenKeyExA
RegSetValueExA
RegCloseKey
GetServiceDisplayNameA
CreateServiceA
StartServiceA
RegisterServiceCtrlHandlerA
SetServiceStatus
OpenSCManagerA
OpenServiceA
DeleteService
CloseServiceHandle

msvcrt

__set_app_type
__p__fmode
_controlfp
__p__commode
_adjust_fdiv
realloc
_initterm
__getmainargs
_acmdln
_XcptFilter
_exit
??2@YAPAXI@Z
atoi
memcpy
free
strrchr
strchr
strncpy
rand
_beginthread
__CxxFrameHandler
time
malloc
exit
strcpy
sprintf
strcat
memmove
strlen
abs
memset
_except_handler3
strstr
__setusermatherr
_strnicmp
_strlwr
_stricmp
_ltoa
_strrev

msvcirt

??0ifstream@@QAE@PBDHH@Z
??7ios@@QBEHXZ
??_Difstream@@QAEXXZ
?eof@ios@@QBEHXZ
?getline@istream@@QAEAAV1@PADHD@Z
?close@ifstream@@QAEXXZ
?openprot@filebuf@@2HB
??0ofstream@@QAE@PBDHH@Z
??6ostream@@QAEAAV0@PBD@Z
??_Dofstream@@QAEXXZ
?close@ofstream@@QAEXXZ

kernel32

SetErrorMode
lstrcmpiA
GetCommandLineA
GetModuleFileNameA
GetCurrentProcess
GetModuleHandleA
LoadLibraryA
GetProcAddress
GetCurrentProcessId
FreeLibrary
GetEnvironmentVariableA
FindNextFileA
FindFirstFileA
GetComputerNameA
Process32Next
TerminateProcess
GetExitCodeProcess
OpenProcess
Process32First
CreateToolhelp32Snapshot
FindClose
lstrlenA
lstrcatA
GetSystemInfo
lstrcpyA
GetWindowsDirectoryA
SearchPathA
GetLocalTime
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
GetStartupInfoA
CreateProcessA
WaitForSingleObject
Sleep
DeleteFileA
WriteFile
GetVersionExA
MoveFileA
GetFileTime
FileTimeToSystemTime
GetSystemTime
SetFilePointer
CreateFileA
ReadFile
CloseHandle
GetLastError

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d02a683a58d24f4e4d0e1c96ec610b17

Headers

File Characteristics

Imports

wsock32

user32

advapi32

msvcrt

msvcirt

kernel32

Sections

.text Size: 20KB - Virtual size: 19KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 4KB - Virtual size: 136KB

.rsrc Size: 4KB - Virtual size: 928B

.text
Size: 20KB - Virtual size: 19KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 136KB

.rsrc
Size: 4KB - Virtual size: 928B