5ccc33359fd9e082dd1c2a8a8884c905_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5ccc33359fd9e082dd1c2a8a8884c905_JaffaCakes118
Size

251KB
MD5

5ccc33359fd9e082dd1c2a8a8884c905
SHA1

5e0d209de0c2355166c38cf812f68d6e9f1070f4
SHA256

268dfebf4ce9a3b5d90f813a8e507c443dcba350f1c845fb4b1f196eaa94aca2
SHA512

0de5f6ef993193d6f79e8133e67fbbcf8b44ff240d3280d1ebd2c9f2c41c376e238de3c816f645623f912eaf5bc79e553c22d9450f57053398ef74e2b15c407c
SSDEEP

3072:tWxnVhSL236Hd0RC/3rJGlMXp6hgdY/vsQ9QyXtpQQRW1Ndhr17uyQA8eCMcDh5y:tGK235Ro3d+MXp6hgeXBQ8tpoDNjc3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5ccc33359fd9e082dd1c2a8a8884c905_JaffaCakes118

Files

5ccc33359fd9e082dd1c2a8a8884c905_JaffaCakes118
.exe windows:5 windows x86 arch:x86

c8e71891d8fb43fb4ccd7c05bf862ae0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTickCount
GetLocalTime
Sleep
GetModuleFileNameA
GetCommandLineA
GetTempPathA
CreateDirectoryA
ReadFile
DeleteFileA
SetEndOfFile
LoadLibraryA
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
CreateFileA
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
SetFilePointer
InitializeCriticalSectionAndSpinCount
VirtualAlloc
HeapReAlloc
HeapSize
HeapAlloc
FlushFileBuffers
RemoveDirectoryA
MoveFileA
CreateMutexA
GetLastError
lstrcpyA
lstrcatA
lstrlenA
ExpandEnvironmentStringsA
GetFileAttributesExA
CreateThread
WaitForSingleObject
TerminateThread
CloseHandle
GetProcessHeap
WriteFile
VirtualFree
HeapFree
HeapCreate
HeapDestroy
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
LoadLibraryW
ExitProcess
OutputDebugStringW
GetFileType
WriteConsoleW
OutputDebugStringA
GetStdHandle
DebugBreak
LCMapStringW
LCMapStringA
MultiByteToWideChar
IsValidCodePage
GetCPInfo
GetOEMCP
GetACP
GetConsoleMode
GetConsoleCP
WideCharToMultiByte
SetLastError
TlsFree
GetCurrentThreadId
TlsSetValue
TlsAlloc
GetModuleHandleW
TlsGetValue
GetProcAddress
IsBadReadPtr
HeapValidate
GetStartupInfoA
GetModuleFileNameW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
RaiseException
RtlUnwind
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
InterlockedDecrement
InterlockedIncrement

user32

GetClassLongA
wsprintfA

advapi32

RegSetValueExA
RegCreateKeyExA
RegDeleteValueA
RegOpenKeyExA
RegQueryValueExA
RegOpenKeyA
RegCloseKey

ole32

CoInitialize

shell32

ShellExecuteA

shlwapi

PathIsDirectoryA
PathFileExistsA
PathFindFileNameA
PathRemoveBlanksA
PathGetArgsA

ws2_32

recv
closesocket
__WSAFDIsSet
select
connect
ioctlsocket
htons
socket
gethostbyname
WSAStartup
send

netapi32

Netbios

comdlg32

ChooseColorW
ChooseFontA

iphlpapi

IpRenewAddress
CancelIPChangeNotify
GetExtendedUdpTable
CreateIpNetEntry
GetExtendedTcpTable
GetIpForwardTable
GetNetworkParams
GetIcmpStatisticsEx
GetIcmpStatistics
GetIpStatisticsEx
CreateProxyArpEntry

msi

ord255
ord180
ord253
ord94
ord257
ord205
ord189
ord227
ord240
ord41
ord264
ord228
ord129
ord66
ord109
ord254
ord60
ord190
ord42
ord110
ord273
ord67
ord259
ord225
ord81
ord241
ord8
ord215
ord38
ord210
ord72
ord267
ord130
ord107
ord266
ord263
ord136
ord156
ord244
ord126
ord174
ord111
ord7
ord268
ord9
ord177
ord239
ord272
ord40
ord44
ord232
ord108
ord82
ord260
ord211
ord270
ord217
ord86
ord131
ord11
ord104
ord249
ord93
ord204
ord172
ord137
ord84
ord56
ord43
ord70
ord71
ord95
ord265
ord238
ord195
ord89
ord275
ord65

msimg32

TransparentBlt

msvfw32

DrawDibChangePalette
ICLocate
ICCompressorChoose
ICSeqCompressFrameStart
ICDrawBegin
DrawDibProfileDisplay

mswsock

TransmitFile

Sections

.text
Size: 167KB - Virtual size: 166KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c8e71891d8fb43fb4ccd7c05bf862ae0

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ole32

shell32

shlwapi

ws2_32

netapi32

comdlg32

iphlpapi

msi

msimg32

msvfw32

mswsock

Sections

.text Size: 167KB - Virtual size: 166KB

.rdata Size: 61KB - Virtual size: 61KB

.data Size: 4KB - Virtual size: 21KB

.reloc Size: 17KB - Virtual size: 16KB

.text
Size: 167KB - Virtual size: 166KB

.rdata
Size: 61KB - Virtual size: 61KB

.data
Size: 4KB - Virtual size: 21KB

.reloc
Size: 17KB - Virtual size: 16KB