Static task: static1
Behavioral task: behavioral1
  Sample: bbdb770ab4828022a353976ac897a266_JaffaCakes118.exe
  Resource: win7-20240729-en
Behavioral task: behavioral2
  Sample: bbdb770ab4828022a353976ac897a266_JaffaCakes118.exe
  Resource: win10v2004-20240802-en
General
Target: bbdb770ab4828022a353976ac897a266_JaffaCakes118
Size: 155KB
MD5: bbdb770ab4828022a353976ac897a266
SHA1: 6fa84f130bd97248b616f6e0d0f29767fb633fc0
SHA256: a91fe1913b3631e8559e44e42601ef5cda5ba1d388fe7361e84d497af8c6c976
SHA512: 7be4ffff4e1bfdc7f36ed301f05951ab478de0a1799905fc54eeff1d158613e61e50471c0a5d1c3239471c9e88bb2c826deab63e4c28ec41afafc36973218c70
SSDEEP: 1536:adQuUpWd29cIERBpmhOCOnyOKKdLEeA884azOOlXQkn9F3UCFw:adWWM9cIERzmh1KFvAtNOOlV9FkC2
Malware Config
Signatures
Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
  resource bbdb770ab4828022a353976ac897a266_JaffaCakes118
Files
bbdb770ab4828022a353976ac897a266_JaffaCakes118.exe windows:1 windows x86 arch:x86
  e9d4a1556c36b8c9fddfc687794596e9
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
ExitThread
FindClose
FindFirstFileA
FindNextFileA
FreeLibrary
GetComputerNameA
GetCurrentDirectoryA
GetCurrentProcess
GetCurrentProcessId
GetDiskFreeSpaceExA
GetDriveTypeA
GetLastError
GetLocalTime
GetLogicalDrives
GetModuleFileNameA
GetModuleHandleA
CloseHandle
GetProcAddress
GetProcessHeap
GetSystemDirectoryA
GetSystemInfo
GetTickCount
GetVersionExA
GlobalMemoryStatus
HeapAlloc
HeapFree
LoadLibraryA
MapViewOfFile
OpenProcess
CreateEventA
PeekNamedPipe
QueryPerformanceCounter
QueryPerformanceFrequency
ReadFile
ReadProcessMemory
RtlUnwind
RtlZeroMemory
SetEvent
SetFileAttributesA
Sleep
TerminateProcess
TerminateThread
UnmapViewOfFile
CreatePipe
VirtualQueryEx
WaitForMultipleObjects
CreateProcessA
WaitForSingleObject
WideCharToMultiByte
WriteFile
lstrcmpiA
CreateThread
DeleteFileA
DeviceIoControl
DisconnectNamedPipe
DuplicateHandle
advapi32
EqualSid
AdjustTokenPrivileges
AllocateAndInitializeSid
GetSidIdentifierAuthority
GetSidSubAuthority
GetSidSubAuthorityCount
GetTokenInformation
LookupAccountSidA
LookupPrivilegeValueA
OpenEventLogA
OpenProcessToken
OpenSCManagerA
OpenServiceA
QueryServiceStatus
RegCloseKey
RegCreateKeyExA
RegDeleteValueA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegisterServiceCtrlHandlerA
ClearEventLogA
SetServiceStatus
StartServiceA
StartServiceCtrlDispatcherA
CloseEventLog
CloseServiceHandle
ControlService
CreateServiceA
DeleteService
crtdll
_itoa
__GetMainArgs
_open
_strcmpi
_strnicmp
_strupr
toupper
_wcsicmp
_write
atoi
exit
free
malloc
mbstowcs
memcmp
memcpy
memset
printf
raise
signal
sprintf
sscanf
strcat
strcmp
strcpy
strlen
strstr
strtok
wcscpy
_close
netapi32
NetUserSetInfo
psapi
EnumProcessModules
GetModuleFileNameExA
user32
EnumDisplaySettingsA
ExitWindowsEx
wininet
InternetGetConnectedState
wsock32
WSACleanup
WSAStartup
accept
bind
closesocket
connect
gethostbyname
gethostname
getservbyname
htonl
htons
inet_addr
inet_ntoa
listen
recv
send
socket
Sections
code Size: 152KB - Virtual size: 152KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.avp Size: 3KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE