8cde69f1414b6009ea2a2fb022387161_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

8cde69f1414b6009ea2a2fb022387161_JaffaCakes118
Size

536KB
MD5

8cde69f1414b6009ea2a2fb022387161
SHA1

824634467b1b02a494dc9d71f8ba3ff103aa9e34
SHA256

9f653b944f1c0a737835632ff8beb431ec485f0165d8b711482ba68b80fb101e
SHA512

d98f1101df84a0df73d3fd7c4c490617473e5032d8fc9f39388dee9b15e89a8451297823c55f4d6243fcc40576930f9151fe6409ef4d52200b0bdb4dc1193df1
SSDEEP

12288:iMMnMMMMMUXQmqriCJmaeQrVyDsHe/Boj01tLB2:iMMnMMMMMuQmqEQ0ce/BVB2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8cde69f1414b6009ea2a2fb022387161_JaffaCakes118

Files

8cde69f1414b6009ea2a2fb022387161_JaffaCakes118
.exe windows:4 windows x86 arch:x86

67cd8ac585fb627e890ad994af7efbfd

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wmi

WmiNotificationRegistrationW

ws2_32

freeaddrinfo
WSAStringToAddressA
getaddrinfo
WSAEventSelect
WSAAddressToStringA
WSALookupServiceEnd
WSASocketW
WSALookupServiceNextW
WSARecvFrom
WSALookupServiceBeginW
WSAAddressToStringW
WSAIoctl
WSASendTo
getnameinfo

ddraw

DirectDrawCreate

kernel32

HeapCreate
WriteFile
CreateTimerQueue
DeleteCriticalSection
GetTickCount
InterlockedExchange
BindIoCompletionCallback
CreateEventW
DeleteTimerQueue
GetCurrentThreadId
HeapFree
ExpandEnvironmentStringsW
UnregisterWaitEx
GetLastError
TerminateProcess
EnterCriticalSection
ChangeTimerQueueTimer
UnhandledExceptionFilter
RegisterWaitForSingleObject
HeapDestroy
LeaveCriticalSection
GetCurrentProcessId
ReleaseMutex
GetCurrentProcess
LoadLibraryW
DisableThreadLibraryCalls
InterlockedIncrement
SetLastError
DeviceIoControl
GetSystemTimeAsFileTime
QueryPerformanceCounter
InterlockedDecrement
VirtualAlloc
QueueUserWorkItem
CloseHandle
DeleteTimerQueueTimer
WaitForSingleObject
WideCharToMultiByte
MultiByteToWideChar
CreateMutexW
UnregisterWait
GetComputerNameExW
GetProcAddress
SetEvent
CreateFileW
CreateTimerQueueTimer
InitializeCriticalSection
SetUnhandledExceptionFilter
FreeLibrary
Sleep
HeapReAlloc
HeapAlloc

ntdll

RtlAdjustPrivilege
NtQuerySemaphore
RtlAddAccessAllowedObjectAce
NtTerminateThread

iphlpapi

NotifyAddrChange
GetAdaptersInfo
NotifyRouteChange
GetAdaptersAddresses

msvcrt

memcpy
wcschr
wcscat
_initterm
malloc
wcslen
_wcsicmp
free
_adjust_fdiv
_except_handler3
memmove
swprintf
memcmp
wcscmp
wcsncpy
strlen
memset
wcscpy

mswsock

AcceptEx
GetAcceptExSockaddrs

rtutils

RouterLogRegisterA
RouterLogEventStringA
RouterGetErrorStringW
LogErrorW
RouterLogEventExA
TraceDumpExA

ole32

CoTaskMemFree
CoInitializeEx
CoUninitialize
CoCreateInstance

dnsapi

DnsReplaceRecordSetW

advapi32

RegCloseKey
RegEnumValueW
CryptGenRandom
RegQueryValueExW
RegEnumKeyExW
CryptReleaseContext
RegisterServiceCtrlHandlerW
SetServiceStatus
RegOpenKeyExW
CryptAcquireContextW

Sections

.text
Size: 4KB - Virtual size: 1008B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 476KB - Virtual size: 475KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

67cd8ac585fb627e890ad994af7efbfd

Headers

File Characteristics

Imports

wmi

ws2_32

ddraw

kernel32

ntdll

iphlpapi

msvcrt

mswsock

rtutils

ole32

dnsapi

advapi32

Sections

.text Size: 4KB - Virtual size: 1008B

.rsrc Size: 476KB - Virtual size: 475KB

.data Size: 8KB - Virtual size: 2.0MB

.idata Size: 4KB - Virtual size: 3KB

.rdata Size: 36KB - Virtual size: 34KB

.reloc Size: 4KB - Virtual size: 96B

.text
Size: 4KB - Virtual size: 1008B

.rsrc
Size: 476KB - Virtual size: 475KB

.data
Size: 8KB - Virtual size: 2.0MB

.idata
Size: 4KB - Virtual size: 3KB

.rdata
Size: 36KB - Virtual size: 34KB

.reloc
Size: 4KB - Virtual size: 96B