afa962e6c997cb1d369cf5261853e661_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

afa962e6c997cb1d369cf5261853e661_JaffaCakes118
Size

509KB
MD5

afa962e6c997cb1d369cf5261853e661
SHA1

c55b76de75deed669c572eb3ddbc51d6be84240b
SHA256

87b8abb528acca0fafca386b8df985172787e1351a6b07d8396538fd8e6e7bf3
SHA512

2e0db65ab52a20b3f735ce63c0f6631b5867e6a39613680bdc3493d3e035863c05bba340c879202a957ce2f651eb3bb0b0d246d57b25287b70b4ec10bbb1dd45
SSDEEP

12288:dSI1AsUXRsvN2jQ/sCi0EoKmEuES8fIKWMyqyXzLwFs:dS1s728U+EhPfxWvq6d

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
afa962e6c997cb1d369cf5261853e661_JaffaCakes118

Files

afa962e6c997cb1d369cf5261853e661_JaffaCakes118
.exe windows:5 windows x86 arch:x86

1cbda5ffcabdd0797616356c99d79817

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Documents and Settings\Argjend\Desktop\baba\VrX-5 Priv8 -Msn-Yahoo-TIM-EXPLS-DDOS-116kb\Debug\h1dd3n.pdb

Imports

kernel32

ExitThread
Sleep
ExitProcess
CloseHandle
CreateProcessA
GetModuleFileNameA
GetSystemDirectoryA
DeleteFileA
OpenProcess
GetCurrentProcessId
GetLastError
CopyFileA
SetFileAttributesA
GetFileAttributesA
GetModuleHandleA
WaitForSingleObject
CreateMutexA
GetTickCount
TerminateThread
GetTempPathA
CreateThread
LoadLibraryA
GetProcAddress
GlobalUnlock
GlobalLock
GlobalAlloc
GetWindowsDirectoryA
InterlockedDecrement
GetLocaleInfoA
GetVersionExA
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
MultiByteToWideChar
ReadFile
WriteFile
TransactNamedPipe
CreateFileA
GetLocalTime
FormatMessageA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
SetFileTime
GetFileTime
ExpandEnvironmentStringsA
FreeLibrary
GetCurrentProcess
TerminateProcess
GetExitCodeProcess
PeekNamedPipe
DuplicateHandle
CreatePipe
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
InitializeCriticalSection
lstrlenW
SetEnvironmentVariableA
CompareStringW
CompareStringA
VirtualQuery
GetTimeZoneInformation
lstrlenA
GetProcessHeap
SetEndOfFile
GetConsoleOutputCP
WriteConsoleA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetDateFormatA
GetTimeFormatA
GetLocaleInfoW
GetStringTypeW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetConsoleMode
GetStringTypeA
FlushFileBuffers
SetStdHandle
VirtualAlloc
HeapReAlloc
HeapSize
HeapAlloc
GetConsoleCP
LoadLibraryW
OutputDebugStringW
WriteConsoleW
OutputDebugStringA
DebugBreak
VirtualFree
HeapFree
HeapCreate
HeapDestroy
GetModuleHandleW
InterlockedIncrement
RtlUnwind
RaiseException
GetCommandLineA
GetStartupInfoA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleFileNameW
HeapValidate
IsBadReadPtr
TlsGetValue
TlsAlloc
TlsSetValue
GetCurrentThreadId
TlsFree
SetLastError
GetCurrentThread
GetStdHandle
GetACP
GetOEMCP
GetCPInfo
IsValidCodePage
FatalAppExitA
SetConsoleCtrlHandler
InterlockedExchange
WideCharToMultiByte
LCMapStringA
LCMapStringW
SetFilePointer
GetFileType

user32

SendMessageA
GetMenu
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
VkKeyScanA
ShowWindow
SetFocus
SetForegroundWindow
keybd_event
BlockInput
SwitchToThisWindow
GetWindowTextA
IsWindow
FindWindowExA
FindWindowA

ole32

CoInitialize
CoUninitialize
CoCreateInstance

oleaut32

SysFreeString
VariantClear
SysAllocString
VariantInit
GetErrorInfo
VariantChangeType
SetErrorInfo
CreateErrorInfo

ws2_32

__WSAFDIsSet
listen
select
send
socket
closesocket
recv
accept
bind
ioctlsocket
setsockopt
WSAStartup
WSACleanup
connect
htons
inet_addr

Sections

.text
Size: 411KB - Virtual size: 410KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 83KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 614KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1cbda5ffcabdd0797616356c99d79817

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

ole32

oleaut32

ws2_32

Sections

.text Size: 411KB - Virtual size: 410KB

.rdata Size: 83KB - Virtual size: 83KB

.data Size: 13KB - Virtual size: 614KB

.rsrc Size: 512B - Virtual size: 436B

.text
Size: 411KB - Virtual size: 410KB

.rdata
Size: 83KB - Virtual size: 83KB

.data
Size: 13KB - Virtual size: 614KB

.rsrc
Size: 512B - Virtual size: 436B