6263b67a59dad81aecae69276d265e1f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

6263b67a59dad81aecae69276d265e1f_JaffaCakes118
Size

128KB
MD5

6263b67a59dad81aecae69276d265e1f
SHA1

568b06696ea0270ee1a744a5ac16418c8dacde1c
SHA256

7418d747940adba7a9b93dd8e3a9c470194f8e442983f129dd9f19431c8963b9
SHA512

75d658a9cfc75e98b2c987ade0e19698a54d00e57c3618a54568341bef41192a9b2cbb53ee557035af89823cad8be60b0950eeb18fd6fe39b4f6a1fb7c7a44d1
SSDEEP

3072:vuwdE4JQCqrdrjL5eUIzePrykrSoZj7B:v1E4JQCqrdr4UMePryE7B

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6263b67a59dad81aecae69276d265e1f_JaffaCakes118

Files

6263b67a59dad81aecae69276d265e1f_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a12d43068bb05af9291d3267c70d338d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LocalAlloc
CompareStringW
CompareStringA
GetFileAttributesA
SetConsoleTextAttribute
SetConsoleTitleA
GetStdHandle
ExitProcess
Sleep
ReadConsoleInputA
CreateThread
LocalFree
GetOEMCP
GetACP
GetCPInfo
CreateProcessA
WaitForSingleObject
GetExitCodeProcess
CreateFileA
GetStringTypeW
GetStringTypeA
ReadFile
FlushFileBuffers
SetStdHandle
SetEndOfFile
lstrcpyA
LoadLibraryA
HeapDestroy
HeapReAlloc
VirtualAlloc
WriteFile
VirtualFree
HeapCreate
HeapFree
GetStartupInfoA
GetFileType
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetModuleFileNameA
UnhandledExceptionFilter
LCMapStringW
LCMapStringA
WideCharToMultiByte
HeapAlloc
SetFilePointer
GetModuleHandleA
GetProcAddress
GetLocalTime
GetSystemTimeAsFileTime
GetSystemTime
CloseHandle
GetVersion
GetCommandLineA
MultiByteToWideChar
SetCurrentDirectoryA
GetCurrentDirectoryA
SetEnvironmentVariableA
FileTimeToLocalFileTime
GetLastError
DeleteFileA
GetTimeZoneInformation
RtlUnwind
FindClose
FileTimeToSystemTime
TerminateProcess
GetCurrentProcess
FindFirstFileA
FindNextFileA

user32

wsprintfA

advapi32

GetSidIdentifierAuthority
LookupAccountNameA
GetSidSubAuthorityCount
GetSidSubAuthority
AllocateAndInitializeSid
LookupAccountSidA
FreeSid

shell32

ShellExecuteA

odbc32

ord75
ord24
ord41
ord3
ord31

oncrpc

rpc_nt_init
xdr_void
xdr_pmaplist
clnttcp_create
rpc_nt_exit

icmp

IcmpSendEcho
IcmpCloseHandle
IcmpCreateFile

ws2_32

gethostbyaddr
closesocket
WSAStartup
inet_addr
shutdown
gethostbyname
getservbyport
inet_ntoa
WSACleanup
select
connect
ioctlsocket
socket
send
recv
htons
htonl
ntohl

wininet

InternetOpenA
InternetCloseHandle
InternetConnectA

mpr

WNetAddConnection2A
WNetCancelConnection2A

netapi32

NetUserEnum
NetApiBufferFree

libmysql

mysql_init
mysql_real_connect
mysql_get_server_info
mysql_close

Sections

.text
Size: 96KB - Virtual size: 94KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 7.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a12d43068bb05af9291d3267c70d338d

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

odbc32

oncrpc

icmp

ws2_32

wininet

mpr

netapi32

libmysql

Sections

.text Size: 96KB - Virtual size: 94KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 20KB - Virtual size: 7.3MB

.text
Size: 96KB - Virtual size: 94KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 20KB - Virtual size: 7.3MB