Static task: static1
Behavioral task: behavioral1
Sample: 67380b2e66dcfe1a4645949e9cfa73bf_JaffaCakes118.exe
Resource: win7-20240704-en
Behavioral task: behavioral2
Sample: 67380b2e66dcfe1a4645949e9cfa73bf_JaffaCakes118.exe
Resource: win10v2004-20240704-en
General
Target: 67380b2e66dcfe1a4645949e9cfa73bf_JaffaCakes118
Size: 248KB
MD5: 67380b2e66dcfe1a4645949e9cfa73bf
SHA1: 899d1645dd9c97a7d129c456e392255bbe1aed76
SHA256: 1606893f411d167d5f82c0e05e55c2f4ee64532ba9c93e7c5b897085991a52a8
SHA512: e07997947bb93129c1dbc9b333e5f2c726e79ea0904b509ce3d8ccd2f8283cd7661a56677ef2751f79637588341b6041b4270126718ff72ac188e6c704f0474b
SSDEEP: 3072:U/mPL/kw8kx/CrKlZhMbVHvEHzcucGDtTBfLWPYYkj8:YmP7sf8qpvETcPGDtTBalkj8
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 67380b2e66dcfe1a4645949e9cfa73bf_JaffaCakes118
Files
67380b2e66dcfe1a4645949e9cfa73bf_JaffaCakes118.exe windows:4 windows x86 arch:x86
0183c2f4de641ca5669d475791714e7d
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ws2_32
gethostbyname
WSAStartup
gethostname
WSAConnect
closesocket
socket
bind
WSACloseEvent
htons
sendto
ntohs
WSAGetLastError
recvfrom
getsockname
shutdown
connect
recv
WSACleanup
send
kernel32
DeleteFileA
ReadFile
CreateFileA
GetTempPathA
GetProcAddress
LoadLibraryA
GetSystemDirectoryA
GetWindowsDirectoryA
FindClose
FindFirstFileA
CreateEventA
TerminateThread
SetEvent
GetModuleFileNameA
CreateThread
WriteFile
ResetEvent
WaitForMultipleObjects
SetFilePointer
GetShortPathNameA
OpenProcess
CreateDirectoryA
GetFileSize
GetTickCount
SetFileAttributesA
GetFileAttributesA
OpenEventA
CloseHandle
PulseEvent
PeekConsoleInputA
GlobalFindAtomA
Sleep
WaitForSingleObject
GetStartupInfoA
GetModuleHandleA
GlobalAlloc
GlobalFree
GetQueuedCompletionStatus
PostQueuedCompletionStatus
CreateIoCompletionPort
HeapLock
HeapWalk
HeapUnlock
HeapFree
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
FindNextFileA
GetCurrentProcessId
GetLongPathNameA
GetCurrentProcess
GetVolumeInformationA
GetDriveTypeA
CreateProcessA
DuplicateHandle
GetExitCodeThread
CreatePipe
GetExitCodeProcess
HeapCreate
HeapDestroy
HeapAlloc
user32
PostMessageA
GetDesktopWindow
GetWindow
GetWindowThreadProcessId
GetWindowLongA
GetWindowTextA
GetMessageA
PostThreadMessageA
FindWindowA
GetSystemMetrics
DestroyWindow
SendMessageA
IsWindow
LoadImageA
ReleaseDC
ExitWindowsEx
gdi32
CreateDCA
CreateCompatibleBitmap
CreateCompatibleDC
ResetDCA
SetPixel
SaveDC
GetDIBits
GetObjectA
BitBlt
gdiplus
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipDisposeImage
GdipSaveImageToFile
GdipLoadImageFromFile
GdipAlloc
GdipCloneImage
GdiplusShutdown
GdiplusStartup
GdipFree
mfc42
ord323
ord3663
ord3626
ord2414
ord640
ord665
ord1979
ord5186
ord354
ord5785
ord1641
ord1640
ord800
ord1601
ord537
ord3571
msvcrt
rand
_ftol
_purecall
malloc
pow
free
wcscmp
_strupr
_strset
??1type_info@@UAE@XZ
_exit
_XcptFilter
exit
srand
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
__dllonexit
_onexit
_controlfp
scanf
memcmp
strchr
memcpy
strlen
strrchr
_CxxThrowException
memset
strcpy
strstr
strcmp
__CxxFrameHandler
sprintf
atan
difftime
_acmdln
ldexp
Sections
.text Size: 200KB - Virtual size: 196KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 28KB - Virtual size: 25KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 12KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ