8679aa1b2d71538c0ce2e9591843a6b2_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

8679aa1b2d71538c0ce2e9591843a6b2_JaffaCakes118
Size

23KB
MD5

8679aa1b2d71538c0ce2e9591843a6b2
SHA1

5fcfbbc8e6d24e2aca6cc3e1df69b87320b31216
SHA256

25c3cbb41b326677abb9afc3ef42c1fd6b0576c5daa0385822fd0ad20dd49dc3
SHA512

0ed5e566bc8505a714d5bb441c51b60a0a1c2365cd37f8078e30c083b45242b62e3cf122ad9aca5a140a8cf2f2712b3ec5d504ecf372ce8983b6c417c29f47e5
SSDEEP

384:fI9yWVMtnJZx7NlWj5lYeNPGGBiPEfYBv9t82/h8dEQ1bqjqoFNbfP:wsWVMtnJvplu/YaPGGBqkYBDb/h8mQJk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8679aa1b2d71538c0ce2e9591843a6b2_JaffaCakes118

Files

8679aa1b2d71538c0ce2e9591843a6b2_JaffaCakes118
.exe windows:5 windows x86 arch:x86

7b93706996c2d38cf8ca997247987d08

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

MenuHelp

setupapi

SetupOpenInfFileA
SetupCloseInfFile
SetupDiOpenClassRegKey
SetupInstallFromInfSectionA

ws2_32

listen
WSALookupServiceNextA
send
WSACleanup
socket
accept
setsockopt
closesocket
bind
WSAStartup

kernel32

LockResource
GetCurrentProcess
GetCurrentProcessId
TerminateProcess
SizeofResource
ExitProcess
FindResourceA
QueryPerformanceCounter
VirtualAlloc
SleepEx
WritePrivateProfileSectionA
CreateSemaphoreA
GetLastError
WritePrivateProfileStringA
WriteConsoleW
GetTickCount
GetCurrentThreadId
CreateFileW
WaitForSingleObject
WritePrivateProfileSectionW
LoadResource

ws2help

WahCloseThread
WahCloseNotificationHandleHelper
WahCloseHandleHelper
WahCloseSocketHandle
WahCompleteRequest

oleaut32

SysAllocStringByteLen
VariantCopyInd
SysReAllocStringLen
VariantClear
SysStringByteLen
SysAllocStringLen
SysFreeString
GetActiveObject
VariantCopy
SafeArrayCreate

gdi32

RestoreDC

user32

LoadStringW

version

VerLanguageNameA

advapi32

LookupPrivilegeValueA
RegCloseKey

wsock32

GetAddressByNameA
EnumProtocolsA
GetTypeByNameA
dn_expand
TransmitFile
SetServiceA
GetNameByTypeA
s_perror
GetServiceA
WSARecvEx
NPLoadNameSpaces

ole32

CLSIDFromProgIDEx
CoCreateInstanceEx
PropVariantChangeType
CLIPFORMAT_UserFree
BindMoniker
CLIPFORMAT_UserSize
CLSIDFromOle1Class
CoCreateInstance
CLSIDFromProgID
CoCreateObjectInContext
CLIPFORMAT_UserMarshal
CLIPFORMAT_UserUnmarshal

msvcrt

_cabs
_c_exit
_assert
_atoi64
_atoldbl
_close
_chgsign
_beep
_chdir
_access
_cgets
_cgetws

comdlg32

ChooseFontA
ChooseColorA

Sections

.textbss
Size: - Virtual size: 12KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA

.text
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 150B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.debug
Size: 512B - Virtual size: 407B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7b93706996c2d38cf8ca997247987d08

Headers

File Characteristics

Imports

comctl32

setupapi

ws2_32

kernel32

ws2help

oleaut32

gdi32

user32

version

advapi32

wsock32

ole32

msvcrt

comdlg32

Sections

.textbss Size: - Virtual size: 12KB

.text Size: 16KB - Virtual size: 16KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 512B - Virtual size: 150B

.rsrc Size: 2KB - Virtual size: 1KB

.debug Size: 512B - Virtual size: 407B

.textbss
Size: - Virtual size: 12KB

.text
Size: 16KB - Virtual size: 16KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 150B

.rsrc
Size: 2KB - Virtual size: 1KB

.debug
Size: 512B - Virtual size: 407B