76acf2ac68c5bef9c26b8971ebcd854f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

76acf2ac68c5bef9c26b8971ebcd854f_JaffaCakes118
Size

516KB
MD5

76acf2ac68c5bef9c26b8971ebcd854f
SHA1

69c05c2b8f1122dcc20aa4bff31c6055a984ec82
SHA256

24162b85a21af82d5cfadb91fbd078c9d591de7d092b0dd7127a4eb0f3126ae5
SHA512

e43b155f16f5f96ab32956dc7abcf5ee47a3d49467cf1ca91a329446d86f6b32a5eeb4cd8bb43622e98db7855aa9cc96a5cbf255e3a621702ed35a203c95c504
SSDEEP

6144:3pZv+5uFQXNKRVSwcBK6sSgowbomYVULS4yIlFSZ2yhMir3KZpeV+TqKT63tS5kH:551QAS1KLowFxSoemkS5k0FCTec

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
76acf2ac68c5bef9c26b8971ebcd854f_JaffaCakes118

Files

76acf2ac68c5bef9c26b8971ebcd854f_JaffaCakes118
.exe windows:4 windows x86 arch:x86

d155c5b2dff4e41d50b799455e8ef091

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

sprintf
_errno
strerror
perror
__mb_cur_max
_isctype
_pctype
calloc
_iob
fflush
wcscpy
memcmp
fwrite
system
fputc
wcscat
fprintf
_ftol
rand
__CxxFrameHandler
srand
fseek
ftell
fread
exit
strncmp
atof
memcpy
strchr
_vsnprintf
_stricmp
strcat
strncpy
_CxxThrowException
sscanf
??2@YAPAXI@Z
strlen
strcpy
strcmp
_getpid
_stat
_fileno
??3@YAXPAX@Z
strstr
malloc
fopen
strtok
fgets
fclose
free
memset
atoi
_purecall
printf
??1type_info@@UAE@XZ
__dllonexit
_onexit
_except_handler3
?terminate@@YAXXZ
_exit
_XcptFilter
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
longjmp
_setjmp3
signal
fputs
gmtime
getenv
_setmode
memchr
tolower
_assert
bsearch
realloc
qsort
time
_memccpy
_strdup
_endthreadex
_beginthreadex
memmove
_controlfp
??0exception@@QAE@ABV0@@Z
_getch

msvcp60

??0out_of_range@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
??0out_of_range@std@@QAE@ABV01@@Z
??0logic_error@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
??1out_of_range@std@@UAE@XZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?_Xlen@std@@YAXXZ
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_Xran@std@@YAXXZ
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?assign@?$char_traits@D@std@@SAXAADABD@Z
?_Refcnt@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEAAEPBD@Z
?max_size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?copy@?$char_traits@D@std@@SAPADPADPBDI@Z
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z

advapi32

RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegDeleteValueA
DeleteService
ControlService
StartServiceA
CloseServiceHandle
CreateServiceA
OpenSCManagerA
RegCloseKey

kernel32

WaitForSingleObjectEx
InterlockedDecrement
InterlockedIncrement
TlsGetValue
TlsSetValue
GetCurrentThreadId
CreateMutexA
TlsAlloc
ReleaseMutex
WaitForSingleObject
GetStartupInfoA
DeleteFileA
WideCharToMultiByte
TransactNamedPipe
OpenProcess
TerminateProcess
FindResourceA
LoadResource
SizeofResource
SetThreadPriority
MultiByteToWideChar
GetTempPathA
CreateFileA
WriteFile
GetSystemDirectoryA
LoadLibraryA
GetProcAddress
CopyFileA
GetModuleHandleA
GetModuleFileNameA
CloseHandle
FreeConsole
AllocConsole
GetStdHandle
Sleep
GlobalMemoryStatus
GetVersionExA
ExpandEnvironmentStringsA
CreateProcessA
GetTickCount
CreateEventA
ResetEvent
SetEvent
SetLastError
GetLastError
FlushConsoleInputBuffer
GetCurrentProcessId
FreeLibrary
LockResource
QueryPerformanceCounter
ReadFile
TlsFree

user32

wsprintfA

shell32

ShellExecuteA

ws2_32

getservbyname
WSAIoctl
WSASocketA
setsockopt
htonl
sendto
select
bind
listen
accept
__WSAFDIsSet
recv
WSAStartup
WSACleanup
send
closesocket
socket
htons
connect
getsockname
inet_addr
gethostbyaddr
gethostbyname
inet_ntoa
shutdown
WSAGetLastError
WSASetLastError
getpeername
gethostname

netapi32

NetRemoteTOD
NetUseAdd
NetUseDel
NetApiBufferFree
NetScheduleJobAdd
NetUserEnum
NetShareEnum

mpr

WNetAddConnection2W
WNetCancelConnection2W

psapi

EnumProcesses
EnumProcessModules
GetModuleBaseNameA

Sections

.text
Size: 372KB - Virtual size: 369KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 52KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d155c5b2dff4e41d50b799455e8ef091

Headers

File Characteristics

Imports

msvcrt

msvcp60

advapi32

kernel32

user32

shell32

ws2_32

netapi32

mpr

psapi

Sections

.text Size: 372KB - Virtual size: 369KB

.rdata Size: 48KB - Virtual size: 44KB

.data Size: 52KB - Virtual size: 66KB

.rsrc Size: 40KB - Virtual size: 36KB

.text
Size: 372KB - Virtual size: 369KB

.rdata
Size: 48KB - Virtual size: 44KB

.data
Size: 52KB - Virtual size: 66KB

.rsrc
Size: 40KB - Virtual size: 36KB