b3bb86421d9bde35b886a394c767bb0c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b3bb86421d9bde35b886a394c767bb0c_JaffaCakes118
Size

140KB
MD5

b3bb86421d9bde35b886a394c767bb0c
SHA1

8d91f0856a24a6ea7ccd7170a925fc6dd7ca6c1b
SHA256

431b2e10f77fbb67e94ecae1b2cb59efac726d6c03e41ccb6c18ef34c4c01c53
SHA512

98d503635a20f5608c194ffe8eca969661b54ed4b88ccbf0115734acf8f70cbb6a5f3aa4f30e3c142d480be37300750917e59235c5ebb0cd2eab766d681a0f82
SSDEEP

3072:kMj60/Q5ib3Q1F8mOoXikQ45k0N3Bq3JDoT3/nVXqmkS:kMEJ1eoQ45nTdXq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b3bb86421d9bde35b886a394c767bb0c_JaffaCakes118

Files

b3bb86421d9bde35b886a394c767bb0c_JaffaCakes118
.exe windows:5 windows x86 arch:x86

0d779c66acf41d6142871a36d4a56dda

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

OpenSCManagerA
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
RegQueryMultipleValuesA
RegSetValueExA
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerA
SetServiceStatus
CloseServiceHandle
CreateServiceA
RegCloseKey
DeleteService
QueryServiceStatus
ControlService
OpenServiceA

kernel32

CreateEventA
ResetEvent
WaitForSingleObject
SetEvent
GetLastError
DeleteFileA
GetCurrentThreadId
GetLocaleInfoA
ReleaseMutex
Sleep
GetVersionExA
CreateDirectoryA
CloseHandle
CreateProcessA
GetStartupInfoA
CopyFileA
FreeLibrary
GetProcAddress
LoadLibraryA
lstrcpyA
HeapFree
lstrlenA
HeapAlloc
GetProcessHeap
CreateMutexA
SetConsoleCtrlHandler
LocalFree
FormatMessageA
GetModuleFileNameA
FileTimeToSystemTime
GetSystemTime
GetTimeZoneInformation
SetEndOfFile
SetEnvironmentVariableA
GetOEMCP
GetACP
CompareStringW
CompareStringA
GetCPInfo
ReadFile
SetStdHandle
SetFilePointer
CreateFileA
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
FindClose
FileTimeToLocalFileTime
GetLocalTime
ExitProcess
GetStdHandle
SetHandleCount
GetFileType
LCMapStringA
WriteFile
GetCurrentDirectoryA
GetFullPathNameA
FindFirstFileA
GetDriveTypeA
GetCurrentProcess
TerminateProcess
GetStringTypeW
GetStringTypeA
MultiByteToWideChar
SetErrorMode
GetVolumeInformationA
GetSystemInfo
GetComputerNameA
UnhandledExceptionFilter
FlushFileBuffers
GetModuleHandleA
LCMapStringW
HeapDestroy
RtlUnwind
GetCommandLineA
GetVersion
WideCharToMultiByte
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc

wsock32

select
WSAStartup
gethostbyname
inet_addr
recv
__WSAFDIsSet
accept
setsockopt
htons
bind
getsockname
listen
inet_ntoa
socket
WSAGetLastError
ntohs
connect
closesocket
gethostbyaddr
ioctlsocket
htonl
WSACleanup
shutdown
send

ws2_32

WSAIoctl

licdscvr

ord3
ord1

licencrypt

ord4

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Exports

Exports

get_machine_id

Sections

.text
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 124B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0d779c66acf41d6142871a36d4a56dda

Headers

File Characteristics

Imports

advapi32

kernel32

wsock32

ws2_32

licdscvr

licencrypt

version

Exports

Exports

Sections

.text Size: 100KB - Virtual size: 99KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 20KB - Virtual size: 30KB

.tls Size: 4KB - Virtual size: 124B

.rsrc Size: 4KB - Virtual size: 2KB

.text
Size: 100KB - Virtual size: 99KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 20KB - Virtual size: 30KB

.tls
Size: 4KB - Virtual size: 124B

.rsrc
Size: 4KB - Virtual size: 2KB