8cd2bed467e66ccbcb343c615418a39f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

8cd2bed467e66ccbcb343c615418a39f_JaffaCakes118
Size

712KB
MD5

8cd2bed467e66ccbcb343c615418a39f
SHA1

e678db5ec8126fc54318916a4a262d5a21511709
SHA256

1acac659d549e1daba2536344b1dc915ca52598a8bbb96a5bccb203f7c64d564
SHA512

bcd92ce390ada0d6d45c9f234a8cc5c2e5e1bbff9520a183c25239c35cb22c20b5f3e227be9119a5a8b5b318b3a083b0d3f1d707d405c8e4b16ec6c93b50a745
SSDEEP

12288:TfuV/aq52mrv/VWq7fMgfLmAiD3e0FSuPIlOH:yFaq52mL/77fMgfSAiu0Jwc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8cd2bed467e66ccbcb343c615418a39f_JaffaCakes118

Files

8cd2bed467e66ccbcb343c615418a39f_JaffaCakes118
.exe windows:4 windows x86 arch:x86

0e494a1507adac9022a7a40c5bb6986f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedIncrement
lstrcmpiA
GetCurrentThreadId
GetCommandLineA
InitializeCriticalSection
HeapDestroy
DeleteCriticalSection
lstrlenW
LeaveCriticalSection
EnterCriticalSection
MultiByteToWideChar
lstrlenA
GetShortPathNameA
GetModuleHandleA
SetCurrentDirectoryA
GetTickCount
ResetEvent
MapViewOfFileEx
OpenFileMappingA
CreateFileMappingA
UnmapViewOfFile
GetModuleFileNameA
ReadProcessMemory
GetThreadSelectorEntry
GetLastError
LoadLibraryA
CreateToolhelp32Snapshot
Process32First
Process32Next
CreateEventA
CreateThread
WaitForSingleObject
GetCurrentProcessId
GetProcAddress
FreeLibrary
VirtualQueryEx
GetCurrentProcess
GetCurrentThread
CreateFileA
ReadFile
SetFilePointer
VirtualQuery
TlsSetValue
TlsFree
TlsAlloc
TlsGetValue
DeleteFileA
WritePrivateProfileStringA
SetErrorMode
SetUnhandledExceptionFilter
OpenProcess
Sleep
TerminateProcess
CloseHandle
InterlockedDecrement
GetStartupInfoA
SetEvent

user32

CharNextA
PostThreadMessageA
DispatchMessageA
GetMessageA

advapi32

RegCloseKey
RegEnumKeyExA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegDeleteKeyA

ole32

CoRevokeClassObject
StringFromCLSID
CoRegisterClassObject
CoInitialize
CoTaskMemFree
CoCreateInstance
CoUninitialize

oleaut32

SafeArrayUnaccessData
SysFreeString
LoadRegTypeLi
SafeArrayAccessData
SysStringLen

ws2_32

closesocket
htons
WSACleanup
recv
WSAGetLastError
__WSAFDIsSet
inet_ntoa
accept
listen
getpeername
ntohs
bind
socket
inet_addr
WSAStartup
gethostbyname
gethostname
htonl
ntohl
select
ioctlsocket
setsockopt
sendto
recvfrom
connect
send

msvcp60

?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?str@?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
??0Init@ios_base@std@@QAE@XZ
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?_Freeze@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
??_D?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@G@Z
?setw@std@@YA?AU?$_Smanip@H@1@H@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UAE@XZ
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??1Init@ios_base@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ
??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z

msvcrt

memset
strlen
strrchr
__CxxFrameHandler
strncat
memcpy
_purecall
??2@YAPAXI@Z
memcmp
_CxxThrowException
strncpy
_beginthreadex
fclose
fwrite
fopen
fread
isdigit
_mbsnbcpy
_mbsrchr
_snprintf
_mbsnbcat
strftime
localtime
time
printf
fputc
_iob
srand
rand
strstr
atoi
memmove
_ftol
_mbslwr
calloc
free
_except_handler3
fgetc
?terminate@@YAXXZ
__dllonexit
_onexit
??1type_info@@UAE@XZ
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
_strlwr
strcmp
wcstombs

imagehlp

StackWalk
SymGetModuleInfo
SymLoadModule
SymInitialize
SymSetOptions
SymFunctionTableAccess

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

iphlpapi

GetIfEntry
GetAdaptersInfo

wininet

InternetGetConnectedState

Sections

.text
Size: 612KB - Virtual size: 608KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0e494a1507adac9022a7a40c5bb6986f

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

ws2_32

msvcp60

msvcrt

imagehlp

version

iphlpapi

wininet

Sections

.text Size: 612KB - Virtual size: 608KB

.rdata Size: 72KB - Virtual size: 70KB

.data Size: 16KB - Virtual size: 17KB

.rsrc Size: 8KB - Virtual size: 6KB

.text
Size: 612KB - Virtual size: 608KB

.rdata
Size: 72KB - Virtual size: 70KB

.data
Size: 16KB - Virtual size: 17KB

.rsrc
Size: 8KB - Virtual size: 6KB