8d3cacf62254b73d7f24db72aae68eeb_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

8d3cacf62254b73d7f24db72aae68eeb_JaffaCakes118
Size

689KB
MD5

8d3cacf62254b73d7f24db72aae68eeb
SHA1

cf5d8e1c2c64fd09b961ea89c37ad060d97b98cd
SHA256

639bd968ab16a850e441e60e9f93ba6a0acbf4f4f6c89a870c033ef04d93c4ba
SHA512

f6fbba2ce485cdb5dec0f5585d346d07cd257451421ba1b887334052f1e4256f7200f5ff33e31ee613148106ee17b37b9bda89c77a8ac382354a865eeebc383e
SSDEEP

12288:A6pSJowe1l6j19h0HPCzr+HDg9NXYwKFO7TteqSDG830TC+lHKohg/dssr2MYIfe:9pSJiSh0HaP8SeO7TSDGNThlqld9YIOL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8d3cacf62254b73d7f24db72aae68eeb_JaffaCakes118

Files

8d3cacf62254b73d7f24db72aae68eeb_JaffaCakes118
.exe windows:4 windows x86 arch:x86

5af067a7ceafc86fc2076370ad8f1e6b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

bind
listen
accept
WSAStartup
socket
WSACleanup
gethostbyname
inet_addr
ioctlsocket
htons
connect
send
recv
closesocket

wininet

InternetSetOptionA

advapi32

OpenSCManagerA
CreateServiceA
CloseServiceHandle
ChangeServiceConfig2A
OpenServiceA
StartServiceA
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerA
SetServiceStatus
RegOpenKeyA
RegSetValueExA
RegCloseKey

kernel32

GetStringTypeA
IsBadReadPtr
GetStringTypeW
SetStdHandle
GetACP
GetOEMCP
LCMapStringA
LCMapStringW
SetEndOfFile
CompareStringA
CompareStringW
SetEnvironmentVariableA
IsBadCodePtr
CreateMutexA
CloseHandle
WriteFile
CreateFileA
ReadFile
WaitForSingleObject
ReleaseMutex
GetLastError
GetWindowsDirectoryA
CreateThread
Sleep
GetLocalTime
OutputDebugStringA
FindClose
FindNextFileA
FindFirstFileA
SetEvent
CreateEventA
CreateProcessA
DeleteFileA
GetTempPathA
TerminateProcess
ContinueDebugEvent
SetThreadContext
WaitForDebugEvent
GetThreadContext
GetStartupInfoA
GetTickCount
GetProcAddress
LoadLibraryA
CopyFileA
GetModuleFileNameA
TerminateThread
SetFileAttributesA
GetVersionExA
Process32Next
Process32First
CreateToolhelp32Snapshot
GetEnvironmentVariableA
CreateDirectoryA
GetCommandLineA
VirtualProtect
VirtualQuery
EnterCriticalSection
InitializeCriticalSection
InterlockedExchange
DeleteCriticalSection
LeaveCriticalSection
InterlockedDecrement
InterlockedIncrement
MultiByteToWideChar
RtlUnwind
GetTimeZoneInformation
GetSystemTime
HeapFree
HeapAlloc
ExitProcess
GetCurrentProcess
GetModuleHandleA
GetVersion
RaiseException
HeapReAlloc
HeapSize
GetCurrentThreadId
TlsSetValue
TlsAlloc
SetLastError
TlsGetValue
WideCharToMultiByte
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
SetFilePointer
FlushFileBuffers
SetUnhandledExceptionFilter
GetCPInfo

Sections

.text
Size: 152KB - Virtual size: 151KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 56KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

5af067a7ceafc86fc2076370ad8f1e6b

Headers

File Characteristics

Imports

wsock32

wininet

advapi32

kernel32

Sections

.text Size: 152KB - Virtual size: 151KB

.rdata Size: 12KB - Virtual size: 10KB

.data Size: 56KB - Virtual size: 77KB

.text
Size: 152KB - Virtual size: 151KB

.rdata
Size: 12KB - Virtual size: 10KB

.data
Size: 56KB - Virtual size: 77KB