69f02cc8f8585671bd20c3c578b83681_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

69f02cc8f8585671bd20c3c578b83681_JaffaCakes118
Size

28KB
MD5

69f02cc8f8585671bd20c3c578b83681
SHA1

e5115ba0293b686715b7d55907cdf969318f8591
SHA256

4ffe53ed6459278756fc40daa773b5b20ff5b9edadecf27fb03828899c14d6a2
SHA512

36851e465dc2a923d8bba28c8dbe2c20c501edab18b38e1c6486d016351fe714b1ddc987298dd7f4c7d776d08ce409cd557d7a2189c06fdf5c65102a83b07958
SSDEEP

768:QHxTwH8u7HEoLCYAbyseiEoZ0znK0GZruWAkVD2RThib:m1w+hbyNzKRZvAkt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
69f02cc8f8585671bd20c3c578b83681_JaffaCakes118

Files

69f02cc8f8585671bd20c3c578b83681_JaffaCakes118
.exe windows:4 windows x86 arch:x86

66754e2649896eac297094e602f04321

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

EnterCriticalSection
lstrcatA
GetSystemDirectoryA
ReadFile
GetFileSize
IsBadReadPtr
CreateThread
GetTempPathA
ExitProcess
Sleep
LeaveCriticalSection
lstrlenA
CopyFileA
GetModuleFileNameA
InitializeCriticalSection
HeapAlloc
GetProcessHeap
HeapFree
lstrcpynA
GetVersionExA
IsBadStringPtrA
CreateMutexA
WaitForSingleObject
CreateFileA
WriteFile
CloseHandle
WinExec
CreateEventA
GetFullPathNameA
GetProcAddress
GetLastError
LoadLibraryA
DeleteFileA
MoveFileExA

user32

wsprintfA

advapi32

OpenServiceA
OpenSCManagerA
RegOpenKeyExA
RegSetValueExA
RegCloseKey
CreateServiceA
CloseServiceHandle

shell32

ShellExecuteA

msvcp60

?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_Freeze@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB

msvcrt

_snprintf
strcpy
atoi
srand
time
free
strlen
__CxxFrameHandler
_EH_prolog
memcpy
memset
strstr
??2@YAPAXI@Z
rand
_itoa

ws2_32

WSAIoctl
shutdown
__WSAFDIsSet
select
accept
listen
bind
htonl
send
recv
closesocket
gethostbyname
htons
socket
setsockopt
connect
inet_ntoa
WSAStartup
WSASocketA
ntohl

Sections

.flat
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 871B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

66754e2649896eac297094e602f04321

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

msvcp60

msvcrt

ws2_32

Sections

.flat Size: 14KB - Virtual size: 14KB

.text Size: 8KB - Virtual size: 8KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 512B - Virtual size: 871B

.flat
Size: 14KB - Virtual size: 14KB

.text
Size: 8KB - Virtual size: 8KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 512B - Virtual size: 871B