5dc18bc5d48e77c5c660b9309a427496_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5dc18bc5d48e77c5c660b9309a427496_JaffaCakes118
Size

748KB
MD5

5dc18bc5d48e77c5c660b9309a427496
SHA1

eb282e2f1a9b743710af412cfa42ed34c873c625
SHA256

fb509952268d18b9cf83ea30088fedc4fee7d820ed9f122b0b739664dcee1c5c
SHA512

eacf63f9ecd3a562183d5ee62ae99babf5cf5aa893e46b7205ea86b95c0263bce026817104fe552024a675d481e9220c81af4793f30f12d7d4f7f2d9088e68e2
SSDEEP

12288:DW0WiKYnZ/RGG7kGSwmWtoVq/I3MgIQTNrPAJQqhWSOJUf3zhMzdLYMth:K0WtYnZ/gGBgAI5hTNUJQJEvzhMznth

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5dc18bc5d48e77c5c660b9309a427496_JaffaCakes118

Files

5dc18bc5d48e77c5c660b9309a427496_JaffaCakes118
.exe windows:4 windows x86 arch:x86

92a6d514c6aaecc9253dd056a0d4bd7a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\FxDev2\NMSource\Messenger\ClientCore\Release\NMCOSrv.pdb

Imports

icmp

IcmpSendEcho
IcmpCreateFile
IcmpCloseHandle

dbghelp

MiniDumpReadDumpStream
MiniDumpWriteDump

kernel32

CloseHandle
UnmapViewOfFile
MapViewOfFile
GetLastError
CreateFileMappingA
CreateFileA
GetCurrentProcess
GetCurrentProcessId
GetTickCount
GetCurrentThreadId
FindClose
CreateDirectoryA
FindFirstFileA
FindNextFileA
DeleteFileA
ReadFile
GetFileInformationByHandle
SetFilePointer
WriteFile
GetLocalTime
GetFullPathNameA
WaitForSingleObjectEx
SetEvent
GetFileAttributesA
WaitForMultipleObjects
SetUnhandledExceptionFilter
CreateEventA
OpenProcess
GetExitCodeProcess
WaitForSingleObject
GetVersionExA
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
InitializeCriticalSection
DeleteCriticalSection
RaiseException
InterlockedIncrement
InterlockedDecrement
GetSystemInfo
InterlockedCompareExchange
WideCharToMultiByte
MultiByteToWideChar
TerminateThread
ResumeThread
InterlockedExchangeAdd
DuplicateHandle
SetEndOfFile
GetTimeZoneInformation
SetStdHandle
IsBadCodePtr
IsBadReadPtr
GetModuleFileNameA
SetCurrentDirectoryA
Sleep
GetLocaleInfoW
CompareStringA
CompareStringW
ResetEvent
LoadLibraryA
GetOEMCP
GetStringTypeW
GetStringTypeA
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
GetCPInfo
SetConsoleCtrlHandler
FlushFileBuffers
SetEnvironmentVariableA
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStdHandle
IsBadWritePtr
VirtualFree
HeapCreate
HeapDestroy
UnhandledExceptionFilter
FatalAppExitA
HeapSize
GetSystemTimeAsFileTime
QueryPerformanceCounter
TlsGetValue
TlsSetValue
TlsFree
GetCurrentThread
OutputDebugStringA
EnterCriticalSection
LeaveCriticalSection
ExitProcess
RtlUnwind
GetProcAddress
GetModuleHandleA
TerminateProcess
ExitThread
CreateThread
HeapAlloc
HeapFree
GetStartupInfoA
GetCommandLineA
HeapReAlloc
VirtualProtect
VirtualAlloc
VirtualQuery
LCMapStringA
LCMapStringW
TlsAlloc
SetLastError

user32

PostMessageA
wsprintfA
MessageBoxA
UnregisterClassA

advapi32

RegQueryValueExA
RegOpenKeyExA
AdjustTokenPrivileges
OpenProcessToken
LookupPrivilegeValueA
RegCloseKey

shell32

SHGetSpecialFolderPathA

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

ws2_32

WSACloseEvent
accept
WSASetEvent
ntohs
getpeername
getsockname
closesocket
recv
WSACreateEvent
bind
listen
WSAEventSelect
inet_addr
gethostbyname
WSAGetLastError
htons
recvfrom
send
sendto
shutdown
WSAEnumNetworkEvents
WSAResetEvent
WSAWaitForMultipleEvents
WSACleanup
WSAStartup
connect
WSASocketA

Sections

.text
Size: 408KB - Virtual size: 405KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 60KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 264KB - Virtual size: 514KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 22B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

92a6d514c6aaecc9253dd056a0d4bd7a

Headers

File Characteristics

PDB Paths

Imports

icmp

dbghelp

kernel32

user32

advapi32

shell32

version

ws2_32

Sections

.text Size: 408KB - Virtual size: 405KB

.rdata Size: 60KB - Virtual size: 57KB

.data Size: 264KB - Virtual size: 514KB

.tls Size: 4KB - Virtual size: 22B

.rsrc Size: 8KB - Virtual size: 8KB

.text
Size: 408KB - Virtual size: 405KB

.rdata
Size: 60KB - Virtual size: 57KB

.data
Size: 264KB - Virtual size: 514KB

.tls
Size: 4KB - Virtual size: 22B

.rsrc
Size: 8KB - Virtual size: 8KB