9fdb9fb0fc88928dda1a4f32ca5c3473_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

9fdb9fb0fc88928dda1a4f32ca5c3473_JaffaCakes118
Size

224KB
MD5

9fdb9fb0fc88928dda1a4f32ca5c3473
SHA1

de17db1539986ffa710e55239d047f7b095126e2
SHA256

1c1e7d4bd9fed086e5903b6341e0cf4a2a617390af4cadf2901a79729339252e
SHA512

83bb45338f3ecc8288016f873af440c6da4d8c2a295705454e07dabe622a7a1f3ddc8e593711b3d2639d9b150e016642a0378ecf5f036c682d2d605045bf3f50
SSDEEP

6144:xSQU4zTSMfsdDrmzWAS8asfgZKNQnHbzIhOROY:AVRME5GWAPaqYKNQ7zIhOp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9fdb9fb0fc88928dda1a4f32ca5c3473_JaffaCakes118

Files

9fdb9fb0fc88928dda1a4f32ca5c3473_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a1beb1b3f5af3d8816a3c2eaee5a1e76

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

getservbyport
gethostbyname
select
__WSAFDIsSet
send
sendto
recvfrom
getsockname
connect
getpeername
gethostname
htonl
ntohl
ntohs
WSASocketA
ioctlsocket
setsockopt
bind
WSAGetLastError
listen
WSAAccept
shutdown
closesocket
WSAStartup
htons

advapi32

CreateServiceA
StartServiceA
RegOpenKeyExA
RegSetValueExA
OpenServiceA
DeleteService
RegDeleteValueA
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerA
SetServiceStatus
OpenSCManagerA

odbc32

ord75
ord31
ord11
ord24
ord9
ord39
ord7

user32

MessageBoxA

kernel32

GetStringTypeW
GetStringTypeA
CreateProcessA
WaitForSingleObject
GetExitCodeProcess
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
CreateFileA
GetTickCount
GetLocaleInfoA
ReadFile
SetEndOfFile
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetCommandLineA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
LCMapStringW
MultiByteToWideChar
LCMapStringA
FlushFileBuffers
IsValidCodePage
Sleep
CloseHandle
LeaveCriticalSection
EnterCriticalSection
FreeConsole
GetCurrentProcessId
GetProcAddress
GetLastError
LoadLibraryA
InitializeCriticalSection
GetFullPathNameA
SearchPathA
GetVersionExA
DeleteCriticalSection
GetCurrentThreadId
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeA
FindFirstFileA
GetSystemTimeAsFileTime
HeapReAlloc
HeapAlloc
ExitThread
CreateThread
HeapFree
DeleteFileA
GetTimeZoneInformation
GetProcessHeap
GetCurrentDirectoryA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
WideCharToMultiByte
RtlUnwind
SetFilePointer
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
SetStdHandle
WriteFile
GetConsoleCP
GetConsoleMode
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapSize
GetModuleHandleA
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
GetModuleFileNameA
GetFileAttributesA
GetCPInfo
GetACP
GetOEMCP

Sections

.text
Size: 176KB - Virtual size: 174KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a1beb1b3f5af3d8816a3c2eaee5a1e76

Headers

File Characteristics

Imports

ws2_32

advapi32

odbc32

user32

kernel32

Sections

.text Size: 176KB - Virtual size: 174KB

.rdata Size: 32KB - Virtual size: 29KB

.data Size: 12KB - Virtual size: 19KB

.text
Size: 176KB - Virtual size: 174KB

.rdata
Size: 32KB - Virtual size: 29KB

.data
Size: 12KB - Virtual size: 19KB