c0e86bc1d03e2a180936e3cc39d43773_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

c0e86bc1d03e2a180936e3cc39d43773_JaffaCakes118
Size

72KB
MD5

c0e86bc1d03e2a180936e3cc39d43773
SHA1

db0411051c01cb94405782d28e9703f65a94ca42
SHA256

9ad68d7a0c6d88eaa32c0680a0916cc4959d3f459ff2510dfd6ea1bdde19a6a0
SHA512

aea01258ee29789431db04adb1edd6748683e03efae02885cf43b60107a606d6829df88a9a8bb4dd2323bc9d35723ff044fd7ae1781889f5653caef1bc0d942e
SSDEEP

768:nlWaILEP0KVZb1nMBKnikN/b7Gq2qNs5XtxJvctXEKxz77bULz08xWP2hsbOj:nkeP0KnZMwFGqzNsPxFA0gzQ0qoi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c0e86bc1d03e2a180936e3cc39d43773_JaffaCakes118

Files

c0e86bc1d03e2a180936e3cc39d43773_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a8c42c6bc1230521dcfae10d878ca46f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

WSAGetLastError
gethostbyname
inet_ntoa
inet_addr
htons
socket
connect
WSAAsyncSelect
WSAStartup
WSACleanup
closesocket
recv
send

shell32

SHGetFileInfoA
ShellExecuteA

kernel32

LoadLibraryA
ResumeThread
CreateThread
GlobalMemoryStatus
GetVersionExA
GetLogicalDrives
GetDriveTypeA
FindClose
GetFileAttributesA
FileTimeToSystemTime
FileTimeToLocalFileTime
FindFirstFileA
RemoveDirectoryA
LocalAlloc
InitializeCriticalSection
CreateProcessA
GetStartupInfoA
CreatePipe
LeaveCriticalSection
ReadFile
EnterCriticalSection
GetProcAddress
OpenProcess
DeleteCriticalSection
GlobalFree
GlobalReAlloc
GlobalUnlock
CreateDirectoryA
GlobalAlloc
LocalFree
MapViewOfFile
UnmapViewOfFile
GetModuleHandleA
CloseHandle
GetLastError
CreateMutexA
ExitProcess
WinExec
CopyFileA
GlobalLock
DeleteFileA
GetModuleFileNameA
FreeLibrary
SetFileAttributesA
GetSystemDirectoryA
CreateToolhelp32Snapshot
Process32First
Process32Next
GetCurrentProcess
Sleep
GetTempPathA
lstrcpyA
lstrcatA
CreateFileA
WriteFile
TerminateProcess
ExpandEnvironmentStringsA

user32

DefWindowProcA
PostQuitMessage
ExitWindowsEx
DispatchMessageA
TranslateMessage
MessageBeep
MessageBoxA
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
GetDC
ReleaseDC
GetWindowDC
LoadIconA
LoadCursorA
RegisterClassExA
CreateWindowExA
ShowWindow
GetMessageA
UpdateWindow

gdi32

BitBlt
CreatePalette
SelectObject
CreateCompatibleBitmap
GetDeviceCaps
CreateCompatibleDC
CreateDCA
DeleteObject
GetDIBits
RealizePalette
SelectPalette
GetStockObject
GetObjectA
DeleteDC

advapi32

ChangeServiceConfigA
GetSecurityInfo
SetEntriesInAclA
SetSecurityInfo
RegQueryInfoKeyA
RegEnumValueA
RegEnumKeyExA
EnumServicesStatusA
QueryServiceConfigA
RegQueryValueExA
RegCloseKey
RegisterServiceCtrlHandlerA
SetServiceStatus
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
StartServiceA
RegOpenKeyExA
RegRestoreKeyA
OpenSCManagerA
OpenServiceA
QueryServiceStatus
ControlService
CloseServiceHandle
StartServiceCtrlDispatcherA

winmm

waveInStart
waveInAddBuffer
waveInPrepareHeader
waveInOpen
waveInClose
waveInReset
waveInUnprepareHeader

msvcp60

??0Init@ios_base@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ

msvcrt

_controlfp
_strlwr
_itoa
_ftol
memcpy
memset
??2@YAPAXI@Z
__CxxFrameHandler
_stricmp
strcat
strstr
strlen
strcpy
atoi
strncpy
strcspn
sprintf
printf
malloc
free
_mbscmp
__dllonexit
_onexit
??1type_info@@UAE@XZ
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3

mfc42

ord354
ord6385
ord800
ord3692
ord3626
ord3663
ord1641
ord537
ord860
ord540
ord535
ord5856
ord858
ord668
ord3178
ord2781
ord2393
ord2770
ord356
ord1979
ord3176
ord2915
ord4058
ord6648
ord2764
ord941
ord640
ord2859
ord323
ord2452
ord1158
ord3571
ord1640
ord5785
ord1980
ord2414
ord4171
ord5186
ord665
ord3318
ord5442

Sections

.text
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a8c42c6bc1230521dcfae10d878ca46f

Headers

File Characteristics

Imports

ws2_32

shell32

kernel32

user32

gdi32

advapi32

winmm

msvcp60

msvcrt

mfc42

Sections

.text Size: 40KB - Virtual size: 36KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 16KB - Virtual size: 16KB

.rsrc Size: 4KB - Virtual size: 2KB

.text
Size: 40KB - Virtual size: 36KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 16KB - Virtual size: 16KB

.rsrc
Size: 4KB - Virtual size: 2KB