8963573fdc4202112bdf004e85a7ffe4_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

8963573fdc4202112bdf004e85a7ffe4_JaffaCakes118
Size

43KB
MD5

8963573fdc4202112bdf004e85a7ffe4
SHA1

65b90135b9f99f3db568f192b8766f0e71791a28
SHA256

27b7007c13e79b636cae07aad84b2f205dc96bce309bde60b19f7034f44f9d34
SHA512

02d896d94fbfa481f1bc2a017e28abfed871c456d177456c03b195910a4d0d05a0d4211acae0c3f6387326d2676d2340dc262254832cd9e190ac6ab966a989d9
SSDEEP

768:+ncFTkrh78U/PY088xG+kpyqGwvgEd/9gH5eSvowlRAj9wrTRcD973/mpVTvpSkE:7TkrhIwPfq+oyquEd/9ggwbAZwrTQd/n

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8963573fdc4202112bdf004e85a7ffe4_JaffaCakes118

Files

8963573fdc4202112bdf004e85a7ffe4_JaffaCakes118
.exe windows:4 windows x86 arch:x86

d33e403074398734143e1ee3d7b4a5cc

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

dhcpcsvc

McastApiStartup

ntdll

NtCreateKey

ddraw

ReleaseDDThreadLock
CompleteCreateSysmemSurface
AcquireDDThreadLock
D3DParseUnknownCommand
DDInternalLock
DDInternalUnlock

ws2_32

WSAGetLastError

kernel32

IsBadReadPtr
GetCurrentThreadId
UnhandledExceptionFilter
GetCurrentProcessId
LocalReAlloc
Sleep
DisableThreadLibraryCalls
GetModuleHandleA
GetSystemInfo
GetModuleFileNameA
QueryPerformanceCounter
VirtualAlloc
FreeLibrary
GetSystemTimeAsFileTime
GetProcAddress
LoadLibraryA
IsBadCodePtr
VirtualFree
TerminateProcess
GetVersionExA
LocalAlloc
GetTickCount
SetUnhandledExceptionFilter
GetCurrentProcess
LocalFree

user32

IsRectEmpty
IntersectRect

msvcrt

malloc
free
fwrite
_CxxThrowException
exp
_CIexp
fseek
fflush
_adjust_fdiv
_CIsqrt
ftell
_except_handler3
__dllonexit
fclose
sprintf
fopen
_onexit
_CIpow
_purecall
__CxxFrameHandler
_initterm

advapi32

RegCreateKeyA
RegSetValueExA
RegOpenKeyA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA

Sections

.textbss
Size: - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 448B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d33e403074398734143e1ee3d7b4a5cc

Headers

File Characteristics

Imports

dhcpcsvc

ntdll

ddraw

ws2_32

kernel32

user32

msvcrt

advapi32

Sections

.textbss Size: - Virtual size: 1.3MB

.text Size: 512B - Virtual size: 436B

.idata Size: 45KB - Virtual size: 44KB

.rdata Size: 512B - Virtual size: 32B

.data Size: 512B - Virtual size: 448B

.textbss
Size: - Virtual size: 1.3MB

.text
Size: 512B - Virtual size: 436B

.idata
Size: 45KB - Virtual size: 44KB

.rdata
Size: 512B - Virtual size: 32B

.data
Size: 512B - Virtual size: 448B