b830253a576160001dc450296c72c71e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b830253a576160001dc450296c72c71e_JaffaCakes118
Size

532KB
MD5

b830253a576160001dc450296c72c71e
SHA1

b7c5e2987c7188b556c951f744361ff2589528e4
SHA256

05af0ea03d05b71c55a6e6e6c0329492159205c9615492907f6814d011745e4e
SHA512

c0ef975280100c43b347e8247be46f346277e5f3899a74a2a66bca01f5c58b30e5ee02154c97b372e50f94d19f48b3efdf36562ce1a11d6abab5a342182c981d
SSDEEP

12288:wZMMnMMMMMUJExD8VpsrJ7fobqn84hJcnQ8uiIPyzFQnHJq:6MMnMMMMMJxDQ+rJ7AbAJcngtPyzFQn0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b830253a576160001dc450296c72c71e_JaffaCakes118

Files

b830253a576160001dc450296c72c71e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

ec747e54cbc6edba58395999faaa550e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

dnsapi

DnsReplaceRecordSetW

mswsock

GetAcceptExSockaddrs
AcceptEx

ntdll

NtWaitForSingleObject
RtlAdjustPrivilege
RtlInitUnicodeString

advapi32

RegEnumKeyExW
RegisterServiceCtrlHandlerW
SetServiceStatus
RegCloseKey
CryptGenRandom
CryptReleaseContext
RegQueryValueExW
CryptAcquireContextW
RegEnumValueW
RegOpenKeyExW

msvcrt

_initterm
memmove
wcschr
swprintf
wcscpy
_adjust_fdiv
malloc
free
wcsncpy
_except_handler3
strlen
wcslen
memcmp
wcscat
wcscmp
memcpy
memset
_wcsicmp

iphlpapi

NotifyRouteChange
GetAdaptersInfo
GetAdaptersAddresses
NotifyAddrChange

ddraw

DirectDrawCreate

ole32

CoInitializeEx
CoTaskMemFree
CoUninitialize
CoCreateInstance

ws2_32

getnameinfo
WSAIoctl
WSAAddressToStringW
WSALookupServiceEnd
WSALookupServiceNextW
WSAAddressToStringA
freeaddrinfo
WSASendTo
WSAStringToAddressA
getaddrinfo
WSAEventSelect
WSARecvFrom
WSASocketW
WSALookupServiceBeginW

kernel32

CloseHandle
GetSystemTimeAsFileTime
CreateEventW
DeleteCriticalSection
GetLastError
GetComputerNameExW
WaitForSingleObject
HeapReAlloc
DeviceIoControl
HeapDestroy
DeleteTimerQueueTimer
MultiByteToWideChar
LeaveCriticalSection
GetCurrentThreadId
InterlockedDecrement
HeapFree
WriteFile
ReleaseMutex
CreateFileW
QueueUserWorkItem
ReadFile
UnregisterWaitEx
UnregisterWait
QueryPerformanceCounter
DisableThreadLibraryCalls
HeapAlloc
RegisterWaitForSingleObject
CreateTimerQueue
SetUnhandledExceptionFilter
InterlockedIncrement
Sleep
ExpandEnvironmentStringsW
UnhandledExceptionFilter
InitializeCriticalSection
WideCharToMultiByte
GetCurrentProcessId
SetLastError
TerminateProcess
CreateMutexW
GetTickCount
CreateTimerQueueTimer
HeapCreate
GetProcAddress
LoadLibraryW
GetCurrentProcess
BindIoCompletionCallback
SetEvent
InterlockedExchange
CreateMutexA
VirtualAlloc
ChangeTimerQueueTimer
FreeLibrary

Sections

.text
Size: 4KB - Virtual size: 872B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 424KB - Virtual size: 422KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ec747e54cbc6edba58395999faaa550e

Headers

File Characteristics

Imports

dnsapi

mswsock

ntdll

advapi32

msvcrt

iphlpapi

ddraw

ole32

ws2_32

kernel32

Sections

.text Size: 4KB - Virtual size: 872B

.idata Size: 4KB - Virtual size: 3KB

.rsrc Size: 88KB - Virtual size: 87KB

.data Size: 8KB - Virtual size: 2.0MB

.rdata Size: 424KB - Virtual size: 422KB

.text
Size: 4KB - Virtual size: 872B

.idata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 88KB - Virtual size: 87KB

.data
Size: 8KB - Virtual size: 2.0MB

.rdata
Size: 424KB - Virtual size: 422KB