679d3e1df8ee8faa1fb2f5505d086eb9_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

679d3e1df8ee8faa1fb2f5505d086eb9_JaffaCakes118
Size

152KB
MD5

679d3e1df8ee8faa1fb2f5505d086eb9
SHA1

a3a6d90e48065825cff994bd506cdc950f241608
SHA256

4113c781b45295a20ccaaed0647fd059c6f8a293e4303fa2095c3677b35ca95b
SHA512

73036dde1c39232d0294e056a2cd97e4a6daca4bfa3cd05ab44a22e0b7f721256bc36212833ad09804db80f6f20f4e657c72fb6efd6d5fea90d58d27f6c4cef0
SSDEEP

3072:HjO4Am1VTCsOc40iUHk13k5Apw6gaDVTgzKGvIp6TyZBjMG7tAR7:HEmHTCsC90k1+Apw6xVtHp6TcoG7t

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
679d3e1df8ee8faa1fb2f5505d086eb9_JaffaCakes118

Files

679d3e1df8ee8faa1fb2f5505d086eb9_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a7df7f510f497f25185418b0e75cb3cf

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

aspnet_state.pdb

Imports

msvcr71

_controlfp
_onexit
__dllonexit
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
strtol
strstr
wprintf
__security_error_handler
_local_unwind2
_itoa
_c_exit
_exit
_XcptFilter
_cexit
exit
__p___winitenv
_amsg_exit
__wgetmainargs
_purecall
strncmp
_wcsnicmp
towlower
_strnicmp
tolower
strchr

advapi32

RegQueryValueExW
RegOpenKeyExW
RegisterServiceCtrlHandlerW
SetServiceStatus
StartServiceCtrlDispatcherW
RegCloseKey

kernel32

GetProcessAffinityMask
MultiByteToWideChar
lstrlenA
GetLastError
HeapSize
HeapReAlloc
GetCurrentProcessId
GetModuleHandleA
GetCurrentThreadId
FileTimeToSystemTime
FileTimeToLocalFileTime
GetSystemTimeAsFileTime
lstrlenW
InterlockedDecrement
InterlockedIncrement
SetConsoleCtrlHandler
CreateWaitableTimerW
InterlockedCompareExchange
SwitchToThread
ExitProcess
QueryPerformanceCounter
GetTickCount
WideCharToMultiByte
LoadLibraryW
GetProcAddress
HeapCreate
FreeLibrary
HeapDestroy
HeapAlloc
HeapFree
SetEvent
WaitForSingleObject
GetSystemInfo
SetWaitableTimer
Sleep
CloseHandle
CreateThread
CreateEventW

mswsock

AcceptEx
GetAcceptExSockaddrs

ole32

CoInitializeEx
CoUninitialize

ws2_32

gethostbyname
ntohs
inet_ntoa
WSASend
recv
WSACleanup
WSAStartup
closesocket
listen
bind
select
setsockopt
WSAGetLastError
WSASocketW
WSARecv
htons

mscoree

ClrCreateManagedInstance

aspnet_isapi

PerfCounterInitialize
InitializeLibrary
?XspLogEvent@@YAJKPAGZZ
GetXSPHeap
AttachHandleToThreadPool

oleaut32

SysFreeString
SysAllocString

Exports

Exports

_STWNDCloseConnection@4
_STWNDDeleteStateItem@4
_STWNDEndOfRequest@4
_STWNDGetLocalAddress@8
_STWNDGetLocalPort@4
_STWNDGetRemoteAddress@8
_STWNDGetRemotePort@4
_STWNDIsClientConnected@4
_STWNDSendResponse@24

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 924B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 64KB - Virtual size: 128KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 27KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a7df7f510f497f25185418b0e75cb3cf

Headers

File Characteristics

PDB Paths

Imports

msvcr71

advapi32

kernel32

mswsock

ole32

ws2_32

mscoree

aspnet_isapi

oleaut32

Exports

Exports

Sections

.text Size: 20KB - Virtual size: 19KB

.data Size: 4KB - Virtual size: 924B

.rsrc Size: 4KB - Virtual size: 1KB

.data Size: 64KB - Virtual size: 128KB

.text Size: 46KB - Virtual size: 46KB

.bss Size: - Virtual size: 27KB

.data Size: 8KB - Virtual size: 8KB

.text
Size: 20KB - Virtual size: 19KB

.data
Size: 4KB - Virtual size: 924B

.rsrc
Size: 4KB - Virtual size: 1KB

.data
Size: 64KB - Virtual size: 128KB

.text
Size: 46KB - Virtual size: 46KB

.bss
Size: - Virtual size: 27KB

.data
Size: 8KB - Virtual size: 8KB