Static task
static1
Behavioral task
behavioral1
Sample
8283e184339d6d9d302a3d0d4bd7251a_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
8283e184339d6d9d302a3d0d4bd7251a_JaffaCakes118.exe
Resource
win10v2004-20240730-en
General
-
Target
8283e184339d6d9d302a3d0d4bd7251a_JaffaCakes118
-
Size
128KB
-
MD5
8283e184339d6d9d302a3d0d4bd7251a
-
SHA1
e12cbf0996bd6438d177082782f058a5974b0258
-
SHA256
56fee798330e976eaa89d84b0aa908c97d469573ec20b8884f9457a59b8acdb4
-
SHA512
bbb036e789a1f6c84573df95240c0763e91b40e7af2b579fe420c41155d27aa2855835bb0983297620ab15ef9e346caacd21cc3b409e90aaa4438f8983f10d97
-
SSDEEP
1536:rNOnZpCvXCr/M8ydNFk32xYngLTf++Y8JjdJT6KMcUdp2f10Mv86Dyvtp:rNOnvCYM8qY4jvR36KMRpg10MvBDyv3
Malware Config
Signatures
-
Unsigned PE 1 IoCs
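Checks for a missing Authenticode signature: the file listed below is unsigned, so its publisher and integrity cannot be verified from the binary itself. Many benign programs are also unsigned, so treat this as a weak indicator on its own and weigh it with the other findings.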
resource 8283e184339d6d9d302a3d0d4bd7251a_JaffaCakes118
Files
-
8283e184339d6d9d302a3d0d4bd7251a_JaffaCakes118.exe windows:4 windows x86 arch:x86
49814c0886503d246f1df837b86908e7
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
msvcrt
_XcptFilter
_exit
calloc
_beginthreadex
wcscpy
atoi
wcstombs
wcslen
mbstowcs
printf
_access
strncat
vsprintf
??3@YAXPAX@Z
exit
_acmdln
fwrite
fclose
strrchr
_except_handler3
free
malloc
strncpy
sprintf
puts
strstr
putchar
rand
__getmainargs
_controlfp
??2@YAPAXI@Z
__CxxFrameHandler
_ftol
memmove
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
fopen
_initterm
kernel32
Process32Next
GetStartupInfoA
GetModuleHandleA
lstrlenA
MultiByteToWideChar
CreateFileA
GetFileSize
VirtualAlloc
ReadFile
FindFirstFileA
WriteFile
FindClose
CreateToolhelp32Snapshot
Process32First
OpenProcess
TerminateProcess
LoadLibraryW
CreateThread
GetModuleFileNameA
ExitProcess
GetVersionExA
GetCurrentProcessId
FreeLibrary
CloseHandle
Sleep
GetLocalTime
GetTickCount
LoadLibraryA
GetProcAddress
user32
IsWindow
SendMessageA
GetLastInputInfo
CreateWindowExA
advapi32
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
shell32
ShellExecuteExA
ShellExecuteA
ws2_32
WSASocketA
htonl
gethostname
getsockname
sendto
connect
setsockopt
WSACleanup
WSAStartup
inet_addr
send
select
recv
ntohs
closesocket
gethostbyname
socket
htons
msvcp60
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?_Refcnt@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEAAEPBD@Z
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_Xran@std@@YAXXZ
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
msvfw32
ICSendMessage
Sections
.text Size: 100KB - Virtual size: 97KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.bbbb Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ