b42571989b1e91e62358f00e4d149734_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b42571989b1e91e62358f00e4d149734_JaffaCakes118
Size

25KB
MD5

b42571989b1e91e62358f00e4d149734
SHA1

36bda61aaa049af74fc3740b71b29963ccbfa0c0
SHA256

f69c159bc736264acfdb78d7e5ff5d2d79a2641ddeb94af2ccf8bb824ff26f06
SHA512

7691b7ca00e2605a13ca907e4b6f23234b0ca76f30357be406586c055fcb5a6a39f4281cfff83ed5042819eb4fd4dcc626fa62778ee5b6a7d23470499b211c11
SSDEEP

384:hz68TgtHp9zgKyMAiA8D81jrkYvLAImK+d7H77A8z2XEeXDSKTXO/Ue:huigtHbhBAiY10YT2KM7bUi2XJGgXBe

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b42571989b1e91e62358f00e4d149734_JaffaCakes118

Files

b42571989b1e91e62358f00e4d149734_JaffaCakes118
.exe windows:4 windows x86 arch:x86

e23082d81adfaf540f24b52fc8aec7a5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

dhcpcsvc

McastApiStartup

ws2_32

WSAGetLastError

advapi32

RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyA
RegCloseKey
RegOpenKeyA

msvcrt

_CxxThrowException
fflush
fopen
fclose
__dllonexit
_except_handler3
_CIsqrt
_adjust_fdiv
_purecall
free
__CxxFrameHandler
fwrite
_initterm
_CIexp
_CIpow
_onexit
ftell
sprintf
fseek
malloc
exp

user32

IsRectEmpty
IntersectRect

ntdll

NtCreateKey

ddraw

DDInternalLock
D3DParseUnknownCommand
ReleaseDDThreadLock
DDInternalUnlock
CompleteCreateSysmemSurface
AcquireDDThreadLock

kernel32

LocalReAlloc
IsBadCodePtr
GetModuleHandleA
GetTickCount
DisableThreadLibraryCalls
VirtualFree
GetSystemInfo
GetSystemTimeAsFileTime
GetCurrentProcessId
VirtualAlloc
Sleep
GetVersionExA
SetUnhandledExceptionFilter
LocalFree
LoadLibraryA
LocalAlloc
GetCurrentThreadId
GetCurrentProcess
UnhandledExceptionFilter
QueryPerformanceCounter
GetProcAddress
FreeLibrary
GetModuleFileNameA
TerminateProcess
IsBadReadPtr

Sections

.textbss
Size: - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 216B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

e23082d81adfaf540f24b52fc8aec7a5

Headers

File Characteristics

Imports

dhcpcsvc

ws2_32

advapi32

msvcrt

user32

ntdll

ddraw

kernel32

Sections

.textbss Size: - Virtual size: 96KB

.text Size: 512B - Virtual size: 436B

.idata Size: 22KB - Virtual size: 22KB

.rdata Size: 512B - Virtual size: 32B

.data Size: 512B - Virtual size: 216B

.textbss
Size: - Virtual size: 96KB

.text
Size: 512B - Virtual size: 436B

.idata
Size: 22KB - Virtual size: 22KB

.rdata
Size: 512B - Virtual size: 32B

.data
Size: 512B - Virtual size: 216B