95cb1772fcb6a1652514b7c50d8cedf3_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

95cb1772fcb6a1652514b7c50d8cedf3_JaffaCakes118
Size

396KB
MD5

95cb1772fcb6a1652514b7c50d8cedf3
SHA1

bbde771c6f253e32b1df3c8fbdd33b28f8f4a682
SHA256

f8f512f0d72a8725585d01c8ffc7d2294dc77615b5810e5a6ac5bba0b8caa062
SHA512

147eb0eb65128046d66bbb85a992ba6df3a48ed36b3580d4f020f44273c8637394681dfeee92685420a57488cfb74c74fadbbef6e114697a890946ab8a9f0778
SSDEEP

6144:NAsfdikEPYA8nxVpvv0KWvvxWTP3MZ4dOAFwWtmae32H8JmRbVsQ1p9fpvv0KWvR:ffdiUVGs5FO28e3NGs5FO28eHFhATz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
95cb1772fcb6a1652514b7c50d8cedf3_JaffaCakes118

Files

95cb1772fcb6a1652514b7c50d8cedf3_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7dd19d6c3de25b1faddba32d0f73df3f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleFileNameA
GetModuleHandleA
WritePrivateProfileStringA
GetPrivateProfileStringA
ExitThread
Sleep
LeaveCriticalSection
EnterCriticalSection
GetTickCount
CreateThread
WriteFile
GetConsoleScreenBufferInfo
GetStdHandle
SetConsoleTextAttribute
FormatMessageA
DeleteFileA
ExitProcess
GlobalFree
LockResource
GlobalAlloc
LoadResource
SizeofResource
GetVersionExA
SetFileTime
GetLastError
OpenProcess
Process32Next
Process32First
CreateToolhelp32Snapshot
GetSystemDirectoryA
GetSystemWindowsDirectoryA
GetCurrentProcessId
ReadFile
CreateProcessA
SetCurrentDirectoryA
GetStartupInfoA
CreatePipe
GetCurrentDirectoryA
InitializeCriticalSection
TerminateThread
GetPrivateProfileIntA
GetCommandLineA
SetConsoleWindowInfo
SetConsoleScreenBufferSize
CreateFileA
DeviceIoControl
FindResourceA
CloseHandle

user32

IsWindow

mfc42

ord1575
ord815
ord540
ord800
ord860
ord922
ord926
ord537
ord535
ord2818
ord924
ord858
ord665
ord791
ord605
ord5773
ord1979
ord1971
ord1567
ord5796
ord5442
ord6385
ord5478
ord268
ord1638
ord967
ord2029
ord2077
ord3780
ord5856
ord4129
ord5710
ord5683
ord4278
ord2764
ord5186
ord278
ord523
ord354
ord2801
ord6404
ord5461
ord825
ord273
ord524
ord823
ord603
ord2915
ord940
ord939
ord941
ord3811
ord561

msvcrt

strlen
free
strcpy
memset
strcat
strrchr
strncpy
strncmp
malloc
strstr
_snprintf
_beginthreadex
atoi
_getch
_putch
fclose
fwrite
fopen
printf
strchr
memcmp
fprintf
memcpy
fread
ftell
fseek
strtok
strncat
??1type_info@@UAE@XZ
__dllonexit
_onexit
_exit
_XcptFilter
exit
__p___initenv
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
_itoa
__set_app_type
_except_handler3
_controlfp
atol
sprintf
_mbscmp
__CxxFrameHandler
_stricmp
_strnicmp
system
__p__fmode
_strlwr

msvcp60

??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
??1_Winit@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A

wsock32

ioctlsocket
ntohs
send
getpeername
accept
gethostbyname
inet_addr
WSACleanup
connect
setsockopt
WSAStartup
select
closesocket
recv
shutdown
htons
inet_ntoa
bind
socket
gethostname
listen

winmm

PlaySoundA

iphlpapi

GetAdaptersInfo

imagehlp

MapFileAndCheckSumA

psapi

GetModuleFileNameExA
EnumProcessModules

Sections

.text
Size: 60KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 208KB - Virtual size: 206KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: 92KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 536B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7dd19d6c3de25b1faddba32d0f73df3f

Headers

File Characteristics

Imports

kernel32

user32

mfc42

msvcrt

msvcp60

wsock32

winmm

iphlpapi

imagehlp

psapi

Sections

.text Size: 60KB - Virtual size: 56KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 20KB - Virtual size: 1.0MB

.rsrc Size: 208KB - Virtual size: 206KB

.vmp0 Size: 92KB - Virtual size: 89KB

.reloc Size: 4KB - Virtual size: 536B

.text
Size: 60KB - Virtual size: 56KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 20KB - Virtual size: 1.0MB

.rsrc
Size: 208KB - Virtual size: 206KB

.vmp0
Size: 92KB - Virtual size: 89KB

.reloc
Size: 4KB - Virtual size: 536B