66152ccd0bfd96b57e5e7e302dd8c9c9_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

66152ccd0bfd96b57e5e7e302dd8c9c9_JaffaCakes118
Size

220KB
MD5

66152ccd0bfd96b57e5e7e302dd8c9c9
SHA1

2a4eeca9eb976d0985739c9eb365f8aa8bda1c91
SHA256

382e9e738767ffe9fe4320d0c70b0f004f9e4bb653d9a135510e48751891f44b
SHA512

408d916fc5d67b467ef96abc0fc3429d36c977670ab2c95097085915fb916294e3ce49f3ff7e6f47435b64a16bd27b99f82dab1bf1fda93826a5d6710ad0c39d
SSDEEP

6144:Z41N+TtNBktjombDoZ1xNd3geQ0y5LMEjRS4d/HHJapS+j:Z4jQNAoZCvjRl/HpaU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
66152ccd0bfd96b57e5e7e302dd8c9c9_JaffaCakes118

Files

66152ccd0bfd96b57e5e7e302dd8c9c9_JaffaCakes118
.exe windows:4 windows x86 arch:x86

9c1b9e8161059d8ce9f12439cadc0af1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_stricmp
_strdup
_itoa
_wcsicmp
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
_XcptFilter
_exit
_onexit
__dllonexit
isalpha
wcslen
islower
isupper
isalnum
_strrev
swprintf
wcsncpy
fread
putc
_ultoa
_endthreadex
_beginthreadex
sscanf
fgets
toupper
isdigit
strchr
free
_local_unwind2
_iob
strrchr
malloc
time
__CxxFrameHandler
_snprintf
strncmp
atoi
wcscmp
strstr
_ftol
rand
strncpy
strtok
printf
srand
exit
wcsstr
wcscat
sprintf
_except_handler3
fopen
vsprintf
fprintf
fclose
??3@YAXPAX@Z
??2@YAPAXI@Z

msvcp60

??1_Winit@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ

advapi32

GetSidSubAuthority
LookupAccountSidW
ControlService
QueryServiceStatus
StartServiceW
DeleteService
AllocateAndInitializeSid
FreeSid
OpenServiceA
GetUserNameA
EnumServicesStatusW
OpenSCManagerW
RegOpenKeyExA
RegSetValueExA
RegCloseKey
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegisterServiceCtrlHandlerW
SetServiceStatus
OpenSCManagerA
CreateServiceA
ChangeServiceConfig2W
CloseServiceHandle
StartServiceCtrlDispatcherW
LsaOpenPolicy
LsaAddAccountRights
LsaRemoveAccountRights
LookupAccountNameW
GetUserNameW
LsaClose

mpr

WNetCancelConnectionW
WNetAddConnection2W

netapi32

NetApiBufferFree
NetUserEnum
NetUserGetInfo
NetShareAdd
NetRemoteTOD
NetServerGetInfo
NetServerDiskEnum

odbc32

ord31
ord75
ord24
ord141

shell32

ShellExecuteA

user32

wsprintfA
wsprintfW
wvsprintfA

wininet

InternetOpenW
InternetCloseHandle
InternetOpenUrlA
InternetReadFile

ws2_32

WSACleanup
closesocket
recv
send
select
connect
ioctlsocket
socket
htons
inet_addr
__WSAFDIsSet
shutdown
gethostbyaddr
inet_ntoa
gethostbyname
getsockname
WSAStartup

kernel32

HeapFree
IsBadWritePtr
VirtualQuery
GetModuleFileNameW
ExitProcess
GetLastError
FormatMessageW
LocalFree
SetUnhandledExceptionFilter
GetModuleHandleW
GetModuleFileNameA
GetCurrentProcessId
WriteFile
GetProcessHeap
GetVersionExW
lstrcmpiA
WaitForSingleObject
GetExitCodeProcess
ExitThread
PeekNamedPipe
ReadFile
DuplicateHandle
CreatePipe
SearchPathA
SetFileTime
GetFileTime
GetWindowsDirectoryA
CreateFileW
GetWindowsDirectoryW
HeapReAlloc
HeapAlloc
lstrlenW
MultiByteToWideChar
CloseHandle
Sleep
CopyFileW
DeleteFileW
SetCurrentDirectoryW
GetSystemDirectoryW
GetTempPathW
LoadLibraryW
GetTickCount
GetCurrentThreadId
GetProcAddress
LoadLibraryA
ReleaseMutex
CreateMutexW
GetCurrentProcess
SetPriorityClass
OpenProcess
DeleteFileA
TerminateThread
GetDiskFreeSpaceExW
TerminateProcess
Process32NextW
Process32FirstW
GetComputerNameA
CreateToolhelp32Snapshot
CreateThread
CreateProcessA
CreateFileA
GlobalMemoryStatus
GetTimeFormatA
GetDateFormatA
GetSystemDirectoryA
GetTempPathA
SetFilePointer
FormatMessageA
GetModuleHandleA
SizeofResource
LockResource
LoadResource
FindResourceW
GetStartupInfoA
CopyFileA
WideCharToMultiByte
MoveFileA
EnterCriticalSection
LeaveCriticalSection
SetEvent
CreateSemaphoreW
CreateEventW
SetConsoleCtrlHandler
ResetEvent
InitializeCriticalSection

Sections

.text
Size: 80KB - Virtual size: 77KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 11.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 96KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9c1b9e8161059d8ce9f12439cadc0af1

Headers

File Characteristics

Imports

msvcrt

msvcp60

advapi32

mpr

netapi32

odbc32

shell32

user32

wininet

ws2_32

kernel32

Sections

.text Size: 80KB - Virtual size: 77KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 28KB - Virtual size: 11.5MB

.rsrc Size: 96KB - Virtual size: 93KB

.text
Size: 80KB - Virtual size: 77KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 28KB - Virtual size: 11.5MB

.rsrc
Size: 96KB - Virtual size: 93KB