aa806807bda88ea98b56fe887d0868f7_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

aa806807bda88ea98b56fe887d0868f7_JaffaCakes118
Size

25KB
MD5

aa806807bda88ea98b56fe887d0868f7
SHA1

5055bc3452b456fa6915c66f0ab81a5064e87f97
SHA256

6b7604f29d3a17df1c4d486160f11149ce84aadb45de10317bad49e6654e256f
SHA512

ca3e6e7fb529b96574e99e9b5d37677bacd9eb01713e0624d5eef3c13f74a73bfda630fb31a72ba969685658cb1ba700e1f5f00bdfa2a05ff50b118606c5464a
SSDEEP

384:uO8SElzo5U9QmY4G+kaKSVQo1nuc9q39+jE6/FM:uDrz4U9lYBBaVQo1ugqWF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
aa806807bda88ea98b56fe887d0868f7_JaffaCakes118

Files

aa806807bda88ea98b56fe887d0868f7_JaffaCakes118
.exe windows:4 windows x86 arch:x86

2d102f8dc49bc4b1c524565118d72a79

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTickCount
LocalFree
GetModuleHandleA
VirtualAlloc
IsBadCodePtr
UnhandledExceptionFilter
VirtualFree
GetSystemInfo
Sleep
GetVersionExA
LocalAlloc
GetModuleFileNameA
GetCurrentProcess
SetUnhandledExceptionFilter
FreeLibrary
LocalReAlloc
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
IsBadReadPtr
GetProcAddress
DisableThreadLibraryCalls
LoadLibraryA
GetCurrentThreadId
TerminateProcess

ddraw

ReleaseDDThreadLock
DDInternalLock
D3DParseUnknownCommand
CompleteCreateSysmemSurface
DDInternalUnlock
AcquireDDThreadLock

msvcrt

_except_handler3
fclose
__dllonexit
ftell
malloc
_CIsqrt
_CxxThrowException
_initterm
__CxxFrameHandler
exp
fwrite
fflush
_purecall
_CIexp
fopen
_adjust_fdiv
free
sprintf
_CIpow
fseek
_onexit

ws2_32

WSAGetLastError

dhcpcsvc

McastApiStartup

user32

IsRectEmpty
IntersectRect

ntdll

NtCreateKey

advapi32

RegSetValueExA
RegCreateKeyA
RegQueryValueExA
RegOpenKeyA
RegOpenKeyExA
RegCloseKey

Sections

.textbss
Size: - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 512B - Virtual size: 440B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 216B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

2d102f8dc49bc4b1c524565118d72a79

Headers

File Characteristics

Imports

kernel32

ddraw

msvcrt

ws2_32

dhcpcsvc

user32

ntdll

advapi32

Sections

.textbss Size: - Virtual size: 96KB

.text Size: 512B - Virtual size: 440B

.idata Size: 22KB - Virtual size: 22KB

.rdata Size: 512B - Virtual size: 32B

.data Size: 512B - Virtual size: 216B

.textbss
Size: - Virtual size: 96KB

.text
Size: 512B - Virtual size: 440B

.idata
Size: 22KB - Virtual size: 22KB

.rdata
Size: 512B - Virtual size: 32B

.data
Size: 512B - Virtual size: 216B