60366b29eaadc5ebe7266e129d076b67_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

60366b29eaadc5ebe7266e129d076b67_JaffaCakes118
Size

268KB
MD5

60366b29eaadc5ebe7266e129d076b67
SHA1

8e728b5fa68fe4e73d39d78344ed6c7a25bda0bc
SHA256

3166f9356cc6d8afc391cb96e1c966840f1bba195e2880e0b14e7b0c6109caae
SHA512

eb014941a53a0b2e3b1a52c9f739b8b2f33fc951ea6b7b4657f9a06bfb2d1472d9df4b53bd1fc87f54897f21beb21c86dd4cfb3679fe2ee0329815ab9fc34ccd
SSDEEP

3072:WkhLNkB50dVxZAq86BbtoEF3m634xpyldTHhAjPVV88vU4PhE0cZyXb5aIjPo3L5:Wk5Nq50sughQ8XbgI2/yK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
60366b29eaadc5ebe7266e129d076b67_JaffaCakes118

Files

60366b29eaadc5ebe7266e129d076b67_JaffaCakes118
.exe windows:4 windows x86 arch:x86

beca3b0722b380ac3b038716a073f692

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

WSAAsyncSelect
WSAStartup
listen
gethostname
gethostbyaddr
inet_addr
bind
ntohl
gethostbyname
send
recv
closesocket
accept
socket
htons

urlmon

URLDownloadToFileA

snmpapi

SnmpUtilMemFree
SnmpUtilOidFree
SnmpUtilOidCpy
SnmpUtilMemAlloc

wininet

FtpCreateDirectoryA
FtpSetCurrentDirectoryA
InternetGetLastResponseInfoA
InternetConnectA
InternetCloseHandle
InternetOpenA
FtpPutFileA

kernel32

GetSystemInfo
VirtualProtect
GetCPInfo
GetLocaleInfoA
FlushFileBuffers
SetStdHandle
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
Sleep
WritePrivateProfileStringA
GetWindowsDirectoryA
FindClose
FindNextFileA
DeleteFileA
FindFirstFileA
lstrcatA
lstrlenA
lstrcpynA
SetFileAttributesA
lstrcmpA
CopyFileA
GetPrivateProfileStringA
GetModuleFileNameA
GetSystemDirectoryA
GetComputerNameA
lstrcpyA
GetVersionExA
CreateThread
FreeLibrary
CloseHandle
OpenProcess
TerminateProcess
GetProcAddress
GetModuleHandleA
LoadLibraryA
GetTickCount
HeapAlloc
VirtualQuery
GetProcessHeap
GetExitCodeThread
SetThreadPriority
GlobalMemoryStatus
ReleaseMutex
GetLastError
CreateMutexA
_lclose
_lwrite
CreateFileA
LocalFree
LocalAlloc
GetProfileStringA
GetProfileIntA
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
SetFilePointer
ReadFile
GetStringTypeW
MultiByteToWideChar
GetStringTypeA
GetCurrentProcess
ExitProcess
GetCommandLineA
GetStartupInfoA
GetSystemTimeAsFileTime
GetACP
GetOEMCP
CompareStringA
CompareStringW
SetEnvironmentVariableA
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
SetEndOfFile
HeapSize
LCMapStringA
WideCharToMultiByte
SetHandleCount
GetStdHandle
GetFileType
WriteFile
GetTimeZoneInformation
UnhandledExceptionFilter
FreeEnvironmentStringsA
LCMapStringW
RtlUnwind
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeA
CreateDirectoryA
GetFullPathNameA
GetCurrentDirectoryA
HeapFree

user32

UpdateWindow
TranslateMessage
PostQuitMessage
DialogBoxParamA
CreateWindowExA
KillTimer
SetCursorPos
ExitWindowsEx
DefWindowProcA
EndDialog
SetDlgItemTextA
SetTimer
GetForegroundWindow
GetWindowThreadProcessId
SendDlgItemMessageA
PeekMessageA
GetMessageA
DispatchMessageA
FindWindowExA
GetWindowTextA
EnumChildWindows
GetWindowLongA
LoadIconA
PostMessageA
RegisterClassA
GetWindow
GetParent
FindWindowA
EnumWindows
ShowWindow
SendMessageA
wsprintfA
GetClassNameA

gdi32

CreateFontA
GetStockObject

winspool.drv

EnumJobsA
OpenPrinterA
EnumPrintersA
ClosePrinter

advapi32

RegCloseKey
RegOpenKeyA
RegQueryInfoKeyA
RegEnumValueA
GetUserNameA
RegCreateKeyA
RegSetValueExA
RegDeleteValueA
RegOpenKeyExA
RegQueryValueExA

shell32

ShellExecuteA
Shell_NotifyIconA

Sections

.text
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.neolit
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

beca3b0722b380ac3b038716a073f692

Headers

File Characteristics

Imports

wsock32

urlmon

snmpapi

wininet

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

Sections

.text Size: 80KB - Virtual size: 80KB

.rdata Size: 20KB - Virtual size: 20KB

.data Size: 80KB - Virtual size: 80KB

.rsrc Size: 60KB - Virtual size: 60KB

.neolit Size: 24KB - Virtual size: 24KB

.text
Size: 80KB - Virtual size: 80KB

.rdata
Size: 20KB - Virtual size: 20KB

.data
Size: 80KB - Virtual size: 80KB

.rsrc
Size: 60KB - Virtual size: 60KB

.neolit
Size: 24KB - Virtual size: 24KB