b2b90172728ffc97f4281b5cb5f8d41e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b2b90172728ffc97f4281b5cb5f8d41e_JaffaCakes118
Size

920KB
MD5

b2b90172728ffc97f4281b5cb5f8d41e
SHA1

341f7ce90df5c96f36a9dfe02def11ae458585f2
SHA256

1da5a2b70c5881ea318b50964e36d5f9ac4fe5757a65646c213eb4be782d0167
SHA512

1c2cf9ed797f28729ba121e0ee60ffde8c657458f3eb8dcea294b115578484252136a738f5c3957b6fa1a15f997c8e61985a6f5317162f7447e7c93db63d88ef
SSDEEP

6144:+vpus3xaCq/agl5YeqEDGC4ib4JqyrAhK:ucsBaCq/aglvZGCXbaBrK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b2b90172728ffc97f4281b5cb5f8d41e_JaffaCakes118

Files

b2b90172728ffc97f4281b5cb5f8d41e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

4ee4ed25c16c7cde69ab715942ee0210

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

WSAStartup
recvfrom
sendto
closesocket
recv
send
accept
listen
socket
inet_ntoa
connect
WSAGetLastError
htons
setsockopt
bind
select
__WSAFDIsSet
ioctlsocket
gethostbyname

kernel32

lstrlenA
CreateMutexA
WaitForSingleObject
ExitProcess
GetCurrentProcessId
LoadLibraryA
GetProcAddress
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
VirtualFree
VirtualAlloc
LocalFree
LocalAlloc
GetVersion
GetCurrentThreadId
GetThreadLocale
GetStartupInfoA
GetLocaleInfoA
GetLastError
GetCommandLineA
FreeLibrary
WriteFile
UnhandledExceptionFilter
SetFilePointer
SetEndOfFile
RtlUnwind
ReadFile
RaiseException
GetStdHandle
GetFileSize
GetFileType
CreateFileA
CloseHandle
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
WriteConsoleOutputA
WriteConsoleInputA
WaitForMultipleObjects
VirtualQuery
CreateThread
UnmapViewOfFile
TerminateThread
TerminateProcess
SizeofResource
SetLastError
SetFileAttributesA
SetConsoleWindowInfo
SetConsoleScreenBufferSize
SetConsoleCursorPosition
SetConsoleCtrlHandler
ResumeThread
ReadConsoleOutputA
OpenProcess
GetModuleFileNameA
LockResource
LoadResource
GetWindowsDirectoryA
GetTempPathA
GetModuleHandleA
GetMailslotInfo
GetLocalTime
GetFileAttributesA
GetEnvironmentVariableA
GetCurrentProcess
GetConsoleScreenBufferInfo
GenerateConsoleCtrlEvent
FreeConsole
FindResourceA
FindNextFileA
FindFirstFileA
FindClose
ExitThread
DeleteFileA
CreateProcessA
CreateMailslotA
CreateFileMappingA
CopyFileA
AllocConsole
IsBadWritePtr
IsBadReadPtr
HeapValidate
GetTimeZoneInformation
GetSystemTime
HeapAlloc
DebugBreak
InterlockedDecrement
OutputDebugStringA
InterlockedIncrement
HeapReAlloc
HeapFree
GetVersionExA
HeapDestroy
HeapCreate
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
GetCPInfo
GetACP
GetOEMCP
SetStdHandle
LCMapStringA
LCMapStringW
FlushFileBuffers
CompareStringA
CompareStringW
SetEnvironmentVariableA
WinExec
Sleep
VirtualProtect
MapViewOfFile

advapi32

RegQueryValueExA
SetSecurityDescriptorDacl
CloseServiceHandle
ControlService
CreateServiceA
DeleteService
LockServiceDatabase
OpenSCManagerA
OpenServiceA
QueryServiceStatus
RegisterServiceCtrlHandlerA
SetServiceStatus
StartServiceCtrlDispatcherA
StartServiceA
UnlockServiceDatabase
AddAccessAllowedAce
AdjustTokenPrivileges
AllocateAndInitializeSid
GetLengthSid
InitializeAcl
LookupPrivilegeValueA
InitializeSecurityDescriptor
RegDeleteKeyA
OpenProcessToken
RegCreateKeyExA
RegSetValueExA
RegFlushKey
RegCloseKey
RegOpenKeyExA
RegDeleteValueA

user32

PeekMessageA
CharNextA
MessageBoxA
GetKeyboardType

oleaut32

SysFreeString

Sections

.text
Size: 160KB - Virtual size: 157KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CODE
Size: 76KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 4KB - Virtual size: 572B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: 632KB - Virtual size: 628KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4ee4ed25c16c7cde69ab715942ee0210

Headers

File Characteristics

Imports

wsock32

kernel32

advapi32

user32

oleaut32

Sections

.text Size: 160KB - Virtual size: 157KB

CODE Size: 76KB - Virtual size: 73KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 16KB - Virtual size: 57KB

.idata Size: 8KB - Virtual size: 5KB

DATA Size: 4KB - Virtual size: 572B

BSS Size: 632KB - Virtual size: 628KB

.reloc Size: 12KB - Virtual size: 10KB

.text
Size: 160KB - Virtual size: 157KB

CODE
Size: 76KB - Virtual size: 73KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 16KB - Virtual size: 57KB

.idata
Size: 8KB - Virtual size: 5KB

DATA
Size: 4KB - Virtual size: 572B

BSS
Size: 632KB - Virtual size: 628KB

.reloc
Size: 12KB - Virtual size: 10KB