c:\Documents and Settings\Administrator\My Documents\Visual Studio Projects\phwin\Release\phwinm.pdb
Static task: static1
Behavioral task: behavioral1
Sample: 6f78aaf3cf768a44595c4098d8a741f1_JaffaCakes118.exe
Resource: win7-20240705-en
Behavioral task: behavioral2
Sample: 6f78aaf3cf768a44595c4098d8a741f1_JaffaCakes118.exe
Resource: win10v2004-20240709-en
General
Target: 6f78aaf3cf768a44595c4098d8a741f1_JaffaCakes118
Size: 56KB
MD5: 6f78aaf3cf768a44595c4098d8a741f1
SHA1: 4b5616e35614d77b8253801f9feac594a9f34489
SHA256: 4cee8f0b463126979a8db3bcef5f148ee5298bb42036528035ebf9c03354149f
SHA512: f712fc77b37585f8add4a41741f4553be5996a1b4a026a0f2c8f68e533c775e24325f1c4edb75ebb4f9bcd3c8c6b006834eee9204f3dc2bef7d7eeaf84f505a7
SSDEEP: 768:IofTv5PmUEWDkncsAEFbZHmwbutVe5WCQUHFylOR0M2jspHw7Dlf:Bv5PmUcrDHmwitVqH9ly60PjsyDF
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 6f78aaf3cf768a44595c4098d8a741f1_JaffaCakes118
Files
6f78aaf3cf768a44595c4098d8a741f1_JaffaCakes118.exe windows:4 windows x86 arch:x86
accf42356eb9b241c5317dcf53de9414
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
RaiseException
InitializeCriticalSection
DeleteCriticalSection
InterlockedDecrement
lstrlenA
GetWindowsDirectoryA
CloseHandle
WriteFile
CreateFileA
lstrcpyA
lstrcatA
GetTickCount
GetLastError
GetCurrentThreadId
ReadFile
GetVersionExA
FlushFileBuffers
InterlockedIncrement
DeleteFileA
Sleep
SetStdHandle
GetSystemInfo
VirtualProtect
LCMapStringW
LCMapStringA
IsBadCodePtr
IsBadReadPtr
LoadLibraryA
GetFileType
GetLocaleInfoA
GetACP
SetFilePointer
InterlockedExchange
SetHandleCount
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetStdHandle
HeapSize
GetCurrentProcess
TerminateProcess
GetProcAddress
IsBadWritePtr
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetStringTypeW
MultiByteToWideChar
GetStringTypeA
VirtualQuery
GetCPInfo
GetOEMCP
SetUnhandledExceptionFilter
GetModuleFileNameA
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
HeapAlloc
GetCommandLineA
GetStartupInfoA
GetModuleHandleA
HeapFree
ExitProcess
user32
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExA
SetWindowPos
wsprintfA
GetLastInputInfo
MessageBoxA
CharLowerA
CharNextA
advapi32
OpenServiceA
StartServiceA
CloseServiceHandle
OpenSCManagerA
shell32
SHGetPathFromIDListA
SHGetSpecialFolderLocation
ShellExecuteA
SHGetMalloc
ole32
CoInitialize
CoUninitialize
ws2_32
WSAStartup
WSACleanup
closesocket
htons
gethostbyname
socket
WSAGetLastError
send
recv
connect
ntdll
RtlUnwind
iphlpapi
GetAdaptersInfo
wininet
InternetQueryDataAvailable
InternetCloseHandle
InternetOpenUrlA
FtpSetCurrentDirectoryA
InternetOpenA
FtpGetFileA
InternetConnectA
InternetReadFile
Sections
.text Size: 36KB - Virtual size: 35KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 12KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE