5ef8bdb2b12359d95873b8c8e0090163_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5ef8bdb2b12359d95873b8c8e0090163_JaffaCakes118
Size

468KB
MD5

5ef8bdb2b12359d95873b8c8e0090163
SHA1

86fc041902e516b313474ebd8eb91d2cfbbffa11
SHA256

774d7e097e7191345a3eaadcc57b6e83c577b65e4ad363d6457576ef7ab4a828
SHA512

9a90cdfee3b29b8390e35b813fd60765d0c4570217b4788c3630bd223252d32ef1d8fd0b9a4c8fee5cbdb238efd364cf0c84e0191030a9d2ac46a6a882ec16a7
SSDEEP

12288:BgXSvVEHipcAG6qfhojFgxglkkqYs25j9e:KA6Cpc+aqRgxgCY7e

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5ef8bdb2b12359d95873b8c8e0090163_JaffaCakes118

Files

5ef8bdb2b12359d95873b8c8e0090163_JaffaCakes118
.exe windows:4 windows x86 arch:x86

2a96cbdf645a240fb50dc823612b4c8e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ddraw

DirectDrawCreate

msvcrt

memcmp
wcscpy
free
wcsncpy
wcscmp
_adjust_fdiv
strlen
malloc
_except_handler3
memset
swprintf
wcscat
_initterm
wcschr
_wcsicmp
memcpy
wcslen
memmove

mswsock

AcceptEx
GetAcceptExSockaddrs

advapi32

CryptAcquireContextW
RegEnumKeyExW
RegisterServiceCtrlHandlerW
RegEnumValueW
RegCloseKey
RegQueryValueExW
SetServiceStatus
CryptGenRandom
RegOpenKeyExW
CryptReleaseContext

dnsapi

DnsReplaceRecordSetW

ole32

CoInitializeEx
CoCreateInstance
CoUninitialize
CoTaskMemFree

kernel32

LeaveCriticalSection
EnterCriticalSection
FreeLibrary
Sleep
CreateTimerQueue
HeapCreate
UnhandledExceptionFilter
DeleteTimerQueueTimer
GetCurrentThreadId
TerminateProcess
VirtualAlloc
GetTickCount
WideCharToMultiByte
CreateEventW
InterlockedDecrement
InterlockedIncrement
WaitForSingleObject
DisableThreadLibraryCalls
DeleteCriticalSection
ReleaseMutex
MultiByteToWideChar
HeapAlloc
WriteFile
UnregisterWaitEx
QueryPerformanceCounter
GetSystemTimeAsFileTime
HeapDestroy
SetLastError
CreateTimerQueueTimer
UnregisterWait
RegisterWaitForSingleObject
ReadFile
QueueUserWorkItem
BindIoCompletionCallback
GetCurrentProcessId
ExpandEnvironmentStringsW
LoadLibraryW
SetEvent
CreateMutexW
CloseHandle
InterlockedExchange
GetCurrentProcess
GetLastError
GetComputerNameExW
HeapReAlloc
HeapFree
CreateFileW
DeviceIoControl
SetUnhandledExceptionFilter
GetProcAddress
DeleteTimerQueue
InitializeCriticalSection

ntdll

RtlStringFromGUID
RtlAdjustPrivilege
NtUnlockVirtualMemory

wmi

WmiNotificationRegistrationW

ws2_32

WSAAddressToStringW
WSASocketW
WSALookupServiceEnd
freeaddrinfo
WSAEventSelect
WSAIoctl
WSALookupServiceBeginW
WSAAddressToStringA
getnameinfo
WSARecvFrom
WSALookupServiceNextW
WSASendTo
WSAStringToAddressA
getaddrinfo

iphlpapi

GetAdaptersInfo
GetAdaptersAddresses
NotifyAddrChange
NotifyRouteChange

rtutils

TraceDeregisterW
RouterLogRegisterW
TracePrintfExW
TraceRegisterExW
RouterLogDeregisterW

Sections

.text
Size: 4KB - Virtual size: 892B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 104KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 76KB - Virtual size: 2.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rdata
Size: 272KB - Virtual size: 268KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

2a96cbdf645a240fb50dc823612b4c8e

Headers

File Characteristics

Imports

ddraw

msvcrt

mswsock

advapi32

dnsapi

ole32

kernel32

ntdll

wmi

ws2_32

iphlpapi

rtutils

Sections

.text Size: 4KB - Virtual size: 892B

.rsrc Size: 104KB - Virtual size: 101KB

.data Size: 76KB - Virtual size: 2.4MB

.reloc Size: 4KB - Virtual size: 64B

.rdata Size: 272KB - Virtual size: 268KB

.idata Size: 4KB - Virtual size: 3KB

.text
Size: 4KB - Virtual size: 892B

.rsrc
Size: 104KB - Virtual size: 101KB

.data
Size: 76KB - Virtual size: 2.4MB

.reloc
Size: 4KB - Virtual size: 64B

.rdata
Size: 272KB - Virtual size: 268KB

.idata
Size: 4KB - Virtual size: 3KB