4412b804be1fd819cdb59d03909a2832_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4412b804be1fd819cdb59d03909a2832_JaffaCakes118
Size

25KB
MD5

4412b804be1fd819cdb59d03909a2832
SHA1

955b2777988bd5907403e4fd4692e6990dc27560
SHA256

a08efa5fadc37f86328abff70eefb5279c80b6c7faba654d1fa3b6490431ac67
SHA512

3fd4887eef4d708ff16e13c755ae1117d00d65a313a7c69452150a004484fdcac5d9a38f84c983c3c9c81574562baea1b63b2b4440a22577d9975b5735b68863
SSDEEP

768:XDYinA70pXxVgTaoVnfJhdcmpzukfYDKKHEx+w2X5QNs:zDnA7WxiTVVxrcaJzQwcCS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4412b804be1fd819cdb59d03909a2832_JaffaCakes118

Files

4412b804be1fd819cdb59d03909a2832_JaffaCakes118
.exe windows:4 windows x86 arch:x86

71fc466dc11da8c409c038e3e3dfb76d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

NtCreateKey

advapi32

RegOpenKeyExA
RegCreateKeyA
RegQueryValueExA
RegSetValueExA
RegCloseKey
RegOpenKeyA

msvcrt

fclose
_onexit
__CxxFrameHandler
_adjust_fdiv
_CxxThrowException
_CIpow
_initterm
_except_handler3
fwrite
__dllonexit
ftell
exp
_purecall
_CIsqrt
sprintf
fopen
fflush
free
fseek
malloc
_CIexp

kernel32

GetModuleHandleA
SetUnhandledExceptionFilter
GetCurrentProcessId
QueryPerformanceCounter
IsBadCodePtr
VirtualAlloc
UnhandledExceptionFilter
LocalReAlloc
GetSystemInfo
IsBadReadPtr
GetTickCount
Sleep
GetModuleFileNameA
DisableThreadLibraryCalls
VirtualFree
GetProcAddress
GetCurrentProcess
LocalAlloc
GetCurrentThreadId
TerminateProcess
GetVersionExA
GetSystemTimeAsFileTime
LocalFree
FreeLibrary
LoadLibraryA

ddraw

AcquireDDThreadLock
CompleteCreateSysmemSurface
DDInternalLock
ReleaseDDThreadLock
D3DParseUnknownCommand
DDInternalUnlock

user32

IntersectRect
IsRectEmpty

dhcpcsvc

McastApiStartup

ws2_32

WSAGetLastError

Sections

.textbss
Size: - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 216B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

71fc466dc11da8c409c038e3e3dfb76d

Headers

File Characteristics

Imports

ntdll

advapi32

msvcrt

kernel32

ddraw

user32

dhcpcsvc

ws2_32

Sections

.textbss Size: - Virtual size: 96KB

.text Size: 512B - Virtual size: 436B

.idata Size: 22KB - Virtual size: 22KB

.rdata Size: 512B - Virtual size: 32B

.data Size: 512B - Virtual size: 216B

.textbss
Size: - Virtual size: 96KB

.text
Size: 512B - Virtual size: 436B

.idata
Size: 22KB - Virtual size: 22KB

.rdata
Size: 512B - Virtual size: 32B

.data
Size: 512B - Virtual size: 216B