bd141ab6b2cf828e6a398785a408e786_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

bd141ab6b2cf828e6a398785a408e786_JaffaCakes118
Size

581KB
MD5

bd141ab6b2cf828e6a398785a408e786
SHA1

789487f24779f63a6df06d692cf5c67d3937d738
SHA256

4b6c9fb73688d550c7171f3b0819719d7d1a6b27a1dac78b6319c5bcdc135903
SHA512

526dd9c7c8856c567e1ccf9af9f056b85eb6fdf0e039e348296373f02dc596222ac67e1c59a46680a253140bf1435f9e75fe167be5a1559ee89f9aeb2292d6db
SSDEEP

12288:bCLROLXOdppVOqu9+5CFSaLqRY0h5rcM0hZLBobuccn0epxVwmn+y63c9iMhnkZu:bCLYedZOq15Cg6ah5v0fW60epxVwmn+W

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bd141ab6b2cf828e6a398785a408e786_JaffaCakes118

Files

bd141ab6b2cf828e6a398785a408e786_JaffaCakes118
.exe windows:6 windows x86 arch:x86

ae299f8a7755e7597c89e6c60658eded

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

WSACleanup
WSAStartup
shutdown
__WSAFDIsSet
closesocket
getpeername
recv
select
getnameinfo
send
bind
WSAGetLastError
socket
setsockopt
listen
htons
htonl
accept

ssleay32

ord78
ord108

libeay32

ord199
ord1515
ord2291
ord784
ord808
ord811

kernel32

LCMapStringW
CompareStringW
HeapFree
HeapAlloc
GetFullPathNameW
SetFilePointerEx
GetCurrentDirectoryW
SetCurrentDirectoryW
SetEnvironmentVariableW
SetEnvironmentVariableA
CloseHandle
GetLastError
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
WaitForSingleObject
CreateEventA
OpenEventA
GetCurrentProcessId
TerminateProcess
GetCurrentThreadId
TerminateThread
OpenProcess
GetTickCount
PostQueuedCompletionStatus
CreateFileW
CreateIoCompletionPort
GetQueuedCompletionStatus
ReadDirectoryChangesW
MultiByteToWideChar
WideCharToMultiByte
GetDiskFreeSpaceExA
GetExitCodeProcess
CreateFileA
FlushFileBuffers
GetTempPathA
FormatMessageA
CreateDirectoryW
DeleteFileA
FindClose
FindFirstFileW
FindNextFileW
GetFileAttributesA
SetEndOfFile
SetFileAttributesA
Sleep
GetStdHandle
GetCommandLineW
GetEnvironmentStrings
FreeEnvironmentStringsA
ReadFile
WriteFile
SetHandleInformation
SetErrorMode
CreatePipe
CreateProcessW
LockFileEx
UnlockFileEx
FreeLibrary
GetProcAddress
DuplicateHandle
GetFileSizeEx
GetCPInfo
MoveFileExW
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStringTypeW
DecodePointer
GetProcessHeap
HeapSize
HeapReAlloc
WriteConsoleW
GlobalMemoryStatusEx
GetConsoleCP
ReadConsoleW
GetConsoleMode
GetCommandLineA
ExitProcess
GetModuleFileNameW
PeekNamedPipe
GetFileInformationByHandle
GetDriveTypeW
RemoveDirectoryW
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
FindFirstFileExW
GetFileAttributesExW
GetTimeZoneInformation
SystemTimeToFileTime
TzSpecificLocalTimeToSystemTime
SetFileTime
DeleteFileW
GetFileType
SetStdHandle
GetModuleHandleExW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwind
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
RaiseException
CreateThread
ExitThread
FreeLibraryAndExitThread

advapi32

StartServiceCtrlDispatcherA
SetServiceStatus
RegisterServiceCtrlHandlerExA
OpenServiceA
OpenSCManagerA
DeleteService
CreateServiceA
CloseServiceHandle
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey

Sections

.text
Size: 327KB - Virtual size: 326KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 101KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 133KB - Virtual size: 221KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ae299f8a7755e7597c89e6c60658eded

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

ssleay32

libeay32

kernel32

advapi32

Sections

.text Size: 327KB - Virtual size: 326KB

.rdata Size: 101KB - Virtual size: 100KB

.data Size: 133KB - Virtual size: 221KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 18KB - Virtual size: 17KB

.text
Size: 327KB - Virtual size: 326KB

.rdata
Size: 101KB - Virtual size: 100KB

.data
Size: 133KB - Virtual size: 221KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 18KB - Virtual size: 17KB