8be47e57d9bed60fc048d837ef5278c8_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

8be47e57d9bed60fc048d837ef5278c8_JaffaCakes118
Size

464KB
MD5

8be47e57d9bed60fc048d837ef5278c8
SHA1

721f12bcc9bd6bb7e284257875c3c49a1d00d1f5
SHA256

62a53df526bf7d5681b6673bd300bacddee9750088e74aa53469b55b03d461fe
SHA512

a88dd8602930c21415f9da6933b3fb6bac119db252efdeabbc89088b562b9da5e456a11c6e93eee44d622e3e1661c5cf3b124362ecfc4e7f05246d04a7816215
SSDEEP

12288:TuJC9mKN4w5UhAGi7xZ5z8QKNzzokmB/fvpr5Z7HSIgJUU1:0lKNFGh+xZ5zK1zonprvz6JUU1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8be47e57d9bed60fc048d837ef5278c8_JaffaCakes118

Files

8be47e57d9bed60fc048d837ef5278c8_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b91f72fb43441dca28bf18b3dbb60451

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryW
WaitForSingleObject
RegisterWaitForSingleObject
UnhandledExceptionFilter
CreateMutexA
GetSystemTimeAsFileTime
InterlockedDecrement
TerminateProcess
DeleteTimerQueue
ReadFile
InitializeCriticalSection
QueueUserWorkItem
GetLastError
VirtualAlloc
CreateTimerQueue
ChangeTimerQueueTimer
CreateTimerQueueTimer
HeapDestroy
CreateFileW
GetCurrentProcess
BindIoCompletionCallback
WideCharToMultiByte
InterlockedExchange
UnregisterWaitEx
HeapCreate
InterlockedIncrement
ExpandEnvironmentStringsW
DeviceIoControl
HeapAlloc
GetCurrentThreadId
UnregisterWait
GetCurrentProcessId
HeapReAlloc
EnterCriticalSection
CreateMutexW
SetEvent
DeleteCriticalSection
CloseHandle
Sleep
DisableThreadLibraryCalls
CreateEventW
GetTickCount
SetUnhandledExceptionFilter
QueryPerformanceCounter
HeapFree
FreeLibrary
DeleteTimerQueueTimer
GetProcAddress
ReleaseMutex
SetLastError
LeaveCriticalSection
MultiByteToWideChar

ddraw

DirectDrawCreate

ntdll

RtlGUIDFromString
RtlAdjustPrivilege
NtWaitForMultipleObjects

msvcrt

memmove
_except_handler3
_adjust_fdiv
strlen
wcschr
_wcsicmp
wcslen
wcsncpy
memcpy
memcmp
memset
swprintf
_initterm
wcscmp
malloc
wcscat
wcscpy
free

ole32

CoInitializeEx
CoUninitialize
CoTaskMemFree
CoCreateInstance

ws2_32

WSAAddressToStringA
WSAIoctl
WSARecvFrom
WSASendTo
WSAEventSelect
WSALookupServiceEnd
WSAAddressToStringW
getaddrinfo
freeaddrinfo
getnameinfo
WSAStringToAddressA
WSALookupServiceNextW
WSASocketW
WSALookupServiceBeginW

advapi32

CryptGenRandom
RegEnumValueW
RegOpenKeyExW
RegEnumKeyExW
CryptReleaseContext
RegCloseKey
RegisterServiceCtrlHandlerW
RegQueryValueExW
CryptAcquireContextW
SetServiceStatus

mswsock

GetAcceptExSockaddrs
AcceptEx

iphlpapi

NotifyRouteChange
GetAdaptersInfo
GetAdaptersAddresses
NotifyAddrChange

dnsapi

DnsReplaceRecordSetW

Sections

.text
Size: 4KB - Virtual size: 880B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 2.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rdata
Size: 368KB - Virtual size: 366KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b91f72fb43441dca28bf18b3dbb60451

Headers

File Characteristics

Imports

kernel32

ddraw

ntdll

msvcrt

ole32

ws2_32

advapi32

mswsock

iphlpapi

dnsapi

Sections

.text Size: 4KB - Virtual size: 880B

.idata Size: 4KB - Virtual size: 3KB

.rsrc Size: 72KB - Virtual size: 71KB

.data Size: 8KB - Virtual size: 2.4MB

.reloc Size: 4KB - Virtual size: 64B

.rdata Size: 368KB - Virtual size: 366KB

.text
Size: 4KB - Virtual size: 880B

.idata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 72KB - Virtual size: 71KB

.data
Size: 8KB - Virtual size: 2.4MB

.reloc
Size: 4KB - Virtual size: 64B

.rdata
Size: 368KB - Virtual size: 366KB