93f9a89302ec6cc94f18c862c7367d1f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

93f9a89302ec6cc94f18c862c7367d1f_JaffaCakes118
Size

236KB
MD5

93f9a89302ec6cc94f18c862c7367d1f
SHA1

b2d431a5ab9f3e7b44031ae01c97dd56db0f7063
SHA256

49b88dd3ef1d579dc5339c2aeb8dc82e9adebc09170a3661e911da51dcfc2199
SHA512

032e837422561ee0e538b5c92b664a2b15741ceb27786cf46882f8b4af87dc44e9f876a63031af6f97bd928963757646ac235dfa554361dbd3af77bc25d1af1d
SSDEEP

6144:CsUUoM5evfELX7CQQ6RQ5/qwP7ipp4ZdCRqQ:5UUlwYMqwkp4ZdCRp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
93f9a89302ec6cc94f18c862c7367d1f_JaffaCakes118

Files

93f9a89302ec6cc94f18c862c7367d1f_JaffaCakes118
.exe windows:4 windows x86 arch:x86

0f713dc1c94336360fc86d1aa79cec81

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

WSASend
shutdown
WSACleanup
WSAStartup
WSASocketA
htonl
htons
bind
listen
WSACloseEvent
WSARecv
WSAWaitForMultipleEvents
WSAResetEvent
WSAGetOverlappedResult
WSACreateEvent
WSAGetLastError
accept
closesocket

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

kernel32

MoveFileA
DeleteFileA
CopyFileA
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetLocalTime
WriteFile
GetModuleFileNameA
GetVersionExA
FreeLibrary
GetProcAddress
LoadLibraryA
FindClose
FindFirstFileA
GetVolumeInformationA
GetDriveTypeA
SetErrorMode
FindNextFileA
CreateDirectoryA
Beep
GetDateFormatA
GetTimeFormatA
OpenProcess
GetCurrentThreadId
GetCurrentProcess
LocalFree
FormatMessageA
CreateMutexA
OpenEventA
SetEndOfFile
SystemTimeToFileTime
TerminateThread
InterlockedCompareExchange
FileTimeToSystemTime
CompareFileTime
InterlockedIncrement
ReleaseMutex
GetPrivateProfileStringA
WritePrivateProfileStringA
WritePrivateProfileStringW
GetExitCodeProcess
GetStartupInfoA
GetComputerNameA
GetModuleHandleA
SetFileAttributesA
DeviceIoControl
SetThreadPriority
GetCurrentThread
MultiByteToWideChar
CreateSemaphoreA
ReleaseSemaphore
GetStdHandle
SetHandleCount
SetStdHandle
WideCharToMultiByte
UnhandledExceptionFilter
GetCPInfo
TerminateProcess
TlsGetValue
SetLastError
TlsAlloc
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
ExitProcess
GetVersion
GetCommandLineA
RaiseException
RemoveDirectoryA
ResetEvent
WaitForMultipleObjects
WaitForSingleObject
SetEvent
CreateEventA
Sleep
InterlockedDecrement
GetTickCount
IsBadReadPtr
IsBadWritePtr
SetFilePointer
CloseHandle
GetLastError
CreateFileA
ReadFile
GetFileSize
GetACP
GetOEMCP
SetUnhandledExceptionFilter
FlushFileBuffers
LCMapStringA
LCMapStringW
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetStringTypeA
GetStringTypeW
CompareStringA
CompareStringW
IsBadCodePtr
InterlockedExchangeAdd
FileTimeToLocalFileTime
GetFullPathNameA
GetCurrentDirectoryA
SetEnvironmentVariableA
GetFileType
HeapFree
HeapAlloc
ResumeThread
CreateThread
TlsSetValue
ExitThread
GetFileAttributesA
GetTimeZoneInformation
GetSystemTime
RtlUnwind

user32

wsprintfA
OemToCharBuffW
OemToCharBuffA
CharUpperA
MessageBoxA
CharToOemA
LoadStringA

advapi32

GetSecurityInfo
GetSecurityDescriptorDacl
GetUserNameA
BuildExplicitAccessWithNameA
SetEntriesInAclA
SetSecurityInfo
CreateProcessAsUserA
RegisterEventSourceA
ReportEventA
DeregisterEventSource
SetServiceStatus
RegisterServiceCtrlHandlerA
StartServiceCtrlDispatcherA
LookupPrivilegeValueA
AdjustTokenPrivileges
SetThreadToken
OpenProcessToken
DuplicateTokenEx
ImpersonateLoggedOnUser
RevertToSelf
OpenSCManagerA
OpenServiceA
QueryServiceStatus
StartServiceA
ControlService
CloseServiceHandle
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
GetTokenInformation

netapi32

NetMessageBufferSend

Sections

.text
Size: 160KB - Virtual size: 156KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 56KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0f713dc1c94336360fc86d1aa79cec81

Headers

File Characteristics

Imports

ws2_32

version

kernel32

user32

advapi32

netapi32

Sections

.text Size: 160KB - Virtual size: 156KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 56KB - Virtual size: 67KB

.rsrc Size: 4KB - Virtual size: 2KB

.text
Size: 160KB - Virtual size: 156KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 56KB - Virtual size: 67KB

.rsrc
Size: 4KB - Virtual size: 2KB