8e98a3ed8e76c0611f9e10f6dd815e16_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

8e98a3ed8e76c0611f9e10f6dd815e16_JaffaCakes118
Size

238KB
MD5

8e98a3ed8e76c0611f9e10f6dd815e16
SHA1

2a292f79de3cac0d1c8967a1b0e6bec1210d55b3
SHA256

0b2bff94ca49c848de87a2af52bb23f4c17eb3e67585a1a7aa2a17bd6cae72fa
SHA512

e7818a0ba4792070718f3e0e23f4c5ba7b2be03e87df455022167dd92c2b1dce077a99f1d25b8fc3e078cdd6e3f0e06609a7d8c2c3951d35d79b53baaf54f573
SSDEEP

3072:MhZJ0sfZady+KI+8td7wN/n8PCuaKXa2OxaVF:MhZJ0eAdAItt6SPCNQ4WF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8e98a3ed8e76c0611f9e10f6dd815e16_JaffaCakes118

Files

8e98a3ed8e76c0611f9e10f6dd815e16_JaffaCakes118
.exe windows:4 windows x86 arch:x86

957e7f4e0923b1fa2719bafbe8f87147

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

gethostbyaddr
ntohl
setsockopt
htonl
bind
sendto
recvfrom
inet_addr
gethostname
inet_ntoa
WSAGetLastError
WSAStartup
gethostbyname
socket
htons
connect
closesocket
WSACleanup
send
recv

comctl32

ImageList_Create
ord17
ImageList_GetImageCount
ImageList_ReplaceIcon
PropertySheetA

mpr

WNetAddConnection2A
WNetCancelConnection2A
WNetCancelConnectionA

kernel32

GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LocalFree
FormatMessageA
lstrcpyA
lstrcatW
SetLastError
lstrlenW
MultiByteToWideChar
GetProcAddress
GetCurrentThreadId
LoadLibraryA
GetVersionExA
Sleep
GetCurrentProcess
WaitForMultipleObjects
CreateThread
TerminateThread
VirtualAlloc
WideCharToMultiByte
lstrlenA
LocalAlloc
WritePrivateProfileStringA
GetPrivateProfileStringA
GetModuleFileNameA
FreeLibrary
TerminateProcess
GetStartupInfoA
InterlockedCompareExchange
InterlockedExchange
GetLastError
GetSystemTimeAsFileTime
GetCurrentProcessId

user32

EnableWindow
LoadCursorA
LoadIconA
RegisterClassA
GetMessageA
TranslateMessage
DispatchMessageA
GetWindowRect
GetDlgItem
SetWindowPos
PostQuitMessage
GetMessagePos
MapWindowPoints
LoadMenuA
ClientToScreen
GetSubMenu
ModifyMenuA
TrackPopupMenu
DestroyMenu
DialogBoxParamA
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
GetSystemMenu
AppendMenuA
CheckDlgButton
IsDlgButtonChecked
SetDlgItemTextA
MessageBoxA
SetWindowTextA
SendMessageA
PostMessageA
ShowWindow
GetDlgItemTextA
EndDialog
EnableMenuItem

gdi32

DeleteObject

advapi32

OpenSCManagerA
OpenServiceA
CloseServiceHandle
RegConnectRegistryA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegEnumKeyExA
RegQueryInfoKeyA
RegEnumValueA
AbortSystemShutdownA
InitiateSystemShutdownA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
EnumServicesStatusA

shell32

ShellExecuteA

msvcr80

exit
_ismbblead
_XcptFilter
_exit
_cexit
__getmainargs
_amsg_exit
strrchr
isdigit
_crt_debugger_hook
atol
realloc
mbstowcs
asctime
_gmtime64
free
strncpy
_acmdln
atoi
malloc
memcpy
perror
strncat
toupper
memset
sprintf
_decode_pointer
_adjust_fdiv
__p__commode
_except_handler4_common
_invoke_watson
_controlfp_s
__p__fmode
_encode_pointer
__set_app_type
_onexit
_initterm
__setusermatherr
sscanf
_configthreadlocale
_unlock
__dllonexit
_initterm_e
_lock
_stricmp

Exports

Exports

lhxXfY9mIrDZ

Sections

.text
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 160KB - Virtual size: 159KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

957e7f4e0923b1fa2719bafbe8f87147

Headers

File Characteristics

Imports

ws2_32

comctl32

mpr

kernel32

user32

gdi32

advapi32

shell32

msvcr80

Exports

Exports

Sections

.text Size: 76KB - Virtual size: 76KB

.data Size: 512B - Virtual size: 5KB

.rsrc Size: 160KB - Virtual size: 159KB

.text
Size: 76KB - Virtual size: 76KB

.data
Size: 512B - Virtual size: 5KB

.rsrc
Size: 160KB - Virtual size: 159KB