bcd3b70981bf1c16120774209350c168_JaffaCakes118

General

Target

bcd3b70981bf1c16120774209350c168_JaffaCakes118
Size

28KB
MD5

bcd3b70981bf1c16120774209350c168
SHA1

4ae90f19fac06d931500552e806884de78bbf617
SHA256

a8ac69acfbcfe8d91d573b51b2ba7eb1c92a595b9f5d8c25f856a9da82ef6601
SHA512

3735274eb699df9604fa0890c143481f25e91dd98bd0816eef2888a8def649246c30728b0db072ed2e1edb3aaa9ac1a3f84c0fb6653236655fa8e04ea9e90cfb
SSDEEP

384:hSUh/So0A7zQ8Qb6NsH60hJWPIiVuj9LXJhe3nGiiZGgHja/lViSQyLS9:kgfV7zQbMsHb2IpnWN0Gkjanm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bcd3b70981bf1c16120774209350c168_JaffaCakes118

Files

bcd3b70981bf1c16120774209350c168_JaffaCakes118
.exe windows:4 windows x86 arch:x86

e88d3b13d7081c309184c36cd16cd967

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

NtAllocateVirtualMemory
NtLoadKey
_stricmp
DbgBreakPoint
strncpy
strstr
atol

tapi32

lineGetCallStatus
lineGetDevConfigA
lineGetDevCapsA
lineGetAddressCapsA
lineGetCallInfoA
lineNegotiateExtVersion
lineDrop
lineDeallocateCall
lineSetStatusMessages
lineGetIDA
lineShutdown
lineNegotiateAPIVersion
lineClose
lineMakeCallA
lineSetDevConfigA
lineAnswer
lineAccept
lineInitializeExA
lineOpenA

ws2_32

WSAGetLastError

user32

PostThreadMessageA
TranslateMessage
GetMessageA
DispatchMessageA

advapi32

IsValidSecurityDescriptor
GetSecurityDescriptorLength
RegCloseKey
GetSecurityDescriptorControl

icaapi

IcaMemoryAllocate
IcaMemoryFree
IcaCdWaitForMultipleObjects
IcaCdWaitForSingleObject
IcaCdIoControl

kernel32

SetCommState
ExitProcess
DeviceIoControl
CreateThread
ReleaseMutex
SetupComm
LocalFree
ResetEvent
Sleep
LoadLibraryA
CloseHandle
CreateEventW
GetLastError
FreeLibraryAndExitThread
GetCurrentThreadId
LocalAlloc
Beep
WaitForSingleObject
lstrcpynA
CreateEventA
GetCommState

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 826B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 5KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

e88d3b13d7081c309184c36cd16cd967

Headers

File Characteristics

Imports

ntdll

tapi32

ws2_32

user32

advapi32

icaapi

kernel32

Sections

.text Size: 11KB - Virtual size: 10KB

.rsrc Size: 10KB - Virtual size: 9KB

.rdata Size: 1024B - Virtual size: 826B

.data Size: 5KB - Virtual size: 48KB

.text
Size: 11KB - Virtual size: 10KB

.rsrc
Size: 10KB - Virtual size: 9KB

.rdata
Size: 1024B - Virtual size: 826B

.data
Size: 5KB - Virtual size: 48KB