834dfc9c2f9ba388b7af70401c3e6079_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

834dfc9c2f9ba388b7af70401c3e6079_JaffaCakes118
Size

74KB
MD5

834dfc9c2f9ba388b7af70401c3e6079
SHA1

1dac6a8d954d5e07c5adc1dbd3f13a0a2f45e40d
SHA256

760eacceab2381bc10489e821964f402040645729c958ea25fbca5bdefccc72c
SHA512

4ca7475aff982a1ebf357985e4bb9f9a781f216f4204550406758ea18cc854394dbd711ecbf0c08cdb7b9060aab25fbd7d70819daf1d6a75c65a39d0931d3ece
SSDEEP

1536:FHCz6l7VAuD7lhiSxfepcvp9XSAnowJFMm:Uz6l7Vv7rzYCdSAnowJFMm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
834dfc9c2f9ba388b7af70401c3e6079_JaffaCakes118

Files

834dfc9c2f9ba388b7af70401c3e6079_JaffaCakes118
.exe windows:4 windows x86 arch:x86

8776cd84ebe9ab08de7e3a9c49b32eb6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

shutdown
getsockname
gethostbyname
inet_ntoa
ntohl
htonl
ioctlsocket
setsockopt
bind
listen
accept
inet_addr
select
WSAStartup
WSACleanup
htons
socket
connect
send
closesocket
recv

user32

FindWindowA
IsWindow
SendMessageA
FindWindowExA

advapi32

ControlService
CreateServiceA
LockServiceDatabase
QueryServiceLockStatusA
ChangeServiceConfig2A
UnlockServiceDatabase
OpenSCManagerA
OpenServiceA
StartServiceA
CloseServiceHandle
RegisterServiceCtrlHandlerA
SetServiceStatus
RegOpenKeyExA
RegQueryValueExA
StartServiceCtrlDispatcherA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
DeleteService

shfolder

SHGetFolderPathA

kernel32

GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
SetHandleCount
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetCurrentProcess
GetStdHandle
GetFileType
RtlUnwind
SetStdHandle
FlushFileBuffers
SetFilePointer
CreateFileA
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA
SetEndOfFile
FreeEnvironmentStringsW
SetFileAttributesA
TerminateProcess
CloseHandle
CreateProcessA
ExitThread
ExitProcess
GetTempPathA
GetSystemDefaultLangID
GetTickCount
Sleep
CreateThread
ReleaseMutex
CreateMutexA
lstrcmpiA
GetLastError
CreateDirectoryA
GetModuleFileNameA
GetModuleHandleA
OpenMutexA
SetErrorMode
CopyFileA
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetEvent
DeleteFileA
LocalFree
LocalAlloc
GetVersionExA
GetLocaleInfoA
TerminateThread
WaitForSingleObject
HeapAlloc
GetStartupInfoA
GetCommandLineA
GetVersion
HeapFree
WriteFile
ReadFile
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc

Sections

.text
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

8776cd84ebe9ab08de7e3a9c49b32eb6

Headers

File Characteristics

Imports

ws2_32

user32

advapi32

shfolder

kernel32

Sections

.text Size: 50KB - Virtual size: 49KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 19KB - Virtual size: 28KB

.text
Size: 50KB - Virtual size: 49KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 19KB - Virtual size: 28KB