bf9fdd5a6719a75d4e12438747ff1226_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

bf9fdd5a6719a75d4e12438747ff1226_JaffaCakes118
Size

121KB
MD5

bf9fdd5a6719a75d4e12438747ff1226
SHA1

dd668b9f3957ee4a6492a12cd2f2ce8e0a954d88
SHA256

13e800a89e3af6dd0b68fe6435a528d754e308d382e30ce6693c9ba8f41c2eda
SHA512

1bb1bdf921a5e2ae477c0ca246aea2df65930420a7ca110d71e6514eb412b9e355d650f9ac66daa298c95aafd3b8172e6698caa2a883909d4d83a55ffa4ecf3d
SSDEEP

1536:xsYEOrKHN3/w++e0ANbGYLA6EyxieQ4VOfKkeJaQCuBotR5vLIKbmNkq+A1:x3rKHN3/mbANbQFQ9otRptm8C

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bf9fdd5a6719a75d4e12438747ff1226_JaffaCakes118

Files

bf9fdd5a6719a75d4e12438747ff1226_JaffaCakes118
.exe windows:4 windows x86 arch:x86

9c76e4dd3d29ce3924d30446e85f56c7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\Downloader\Release\update.pdb

Imports

kernel32

DeleteFileA
CreateFileA
WriteFile
SetFilePointer
GetLastError
MoveFileA
CloseHandle
GetFileAttributesA
CreateDirectoryA
FindResourceA
LoadResource
GetTickCount
RaiseException
SizeofResource
FindResourceExA
WideCharToMultiByte
LockResource
GetFileSize
ReadFile
CreateProcessA
Sleep
GetTempPathA
GetTempFileNameA
GetPrivateProfileStringA
GetPrivateProfileIntA
CreateToolhelp32Snapshot
Process32First
OpenProcess
TerminateProcess
Process32Next
LoadLibraryA
FreeLibrary
GetProcAddress
MultiByteToWideChar
InterlockedExchange
WaitForSingleObject
CreateEventA
CreateThread
ResumeThread
GetModuleFileNameA
SetCurrentDirectoryA
GetPrivateProfileSectionNamesA
RtlUnwind
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FlushFileBuffers
FreeEnvironmentStringsA
ExitProcess
HeapCreate
VirtualFree
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
LCMapStringW
GetConsoleMode
GetConsoleCP
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetVersionExA
GetACP
GetLocaleInfoA
GetThreadLocale
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
VirtualAlloc
GetModuleHandleA
VirtualQuery
GetCommandLineA
GetStartupInfoA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStdHandle
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
GetCurrentProcess
IsDebuggerPresent
GetCPInfo
GetOEMCP
GetStringTypeA
GetStringTypeW
LCMapStringA

user32

MessageBoxA
CharNextA
CharUpperA
UnregisterClassA

shell32

ShellExecuteA
SHGetSpecialFolderPathA

ole32

CLSIDFromString

oleaut32

SysAllocStringLen
SysFreeString

psapi

GetModuleFileNameExA

ws2_32

WSACleanup
WSAStartup
sendto
recv
connect
gethostbyname
inet_addr
bind
htons
htonl
socket
closesocket
send

Sections

.text
Size: 75KB - Virtual size: 75KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.WYCao
Size: 26KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9c76e4dd3d29ce3924d30446e85f56c7

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

shell32

ole32

oleaut32

psapi

ws2_32

Sections

.text Size: 75KB - Virtual size: 75KB

.rdata Size: 13KB - Virtual size: 12KB

.data Size: 4KB - Virtual size: 13KB

.WYCao Size: 26KB - Virtual size: 42KB

.text
Size: 75KB - Virtual size: 75KB

.rdata
Size: 13KB - Virtual size: 12KB

.data
Size: 4KB - Virtual size: 13KB

.WYCao
Size: 26KB - Virtual size: 42KB