c10f9fbd080e30b1c14017172333ec56_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

c10f9fbd080e30b1c14017172333ec56_JaffaCakes118
Size

483KB
MD5

c10f9fbd080e30b1c14017172333ec56
SHA1

baff29b1feb81f037ad5cedad266c7e4b7a1dbde
SHA256

11f3c837ff30fcb5ea51e3534ffbedea200726821d099676b7e672929d5c6f25
SHA512

712147656c13685ed4bf7fc0fadf4c4411f6b58649960de4eea3e67b20b2d828064fa7df3064443813dab30fe570c0635faae06ef39bff46bab9af90e23b1bb6
SSDEEP

12288:PrugheatGbnEtB2xMbDshgVqd9lx4qwlu:qgheakbnEtBZbDshgVqd95

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c10f9fbd080e30b1c14017172333ec56_JaffaCakes118

Files

c10f9fbd080e30b1c14017172333ec56_JaffaCakes118
.exe windows:4 windows x86 arch:x86

d02a683a58d24f4e4d0e1c96ec610b17

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

WSACleanup
socket
htons
ioctlsocket
connect
closesocket
send
recv
gethostbyname
WSAStartup

user32

GetMessageA
TranslateMessage
DispatchMessageA
wsprintfA
ShowWindow
CreateWindowExA
GetWindow
GetWindowTextLengthA
GetWindowTextA
SetTimer
DefWindowProcA
RegisterClassA
DestroyWindow
GetAsyncKeyState
KillTimer
FindWindowA
PostQuitMessage

advapi32

RegQueryValueExA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
GetUserNameA
StartServiceCtrlDispatcherA
RegOpenKeyExA
RegSetValueExA
RegCloseKey
GetServiceDisplayNameA
CreateServiceA
StartServiceA
RegisterServiceCtrlHandlerA
SetServiceStatus
OpenSCManagerA
OpenServiceA
DeleteService
CloseServiceHandle

msvcrt

__set_app_type
__p__fmode
_controlfp
__p__commode
_adjust_fdiv
realloc
_initterm
__getmainargs
_acmdln
_XcptFilter
_exit
??2@YAPAXI@Z
atoi
memcpy
free
strrchr
strchr
strncpy
rand
_beginthread
__CxxFrameHandler
time
malloc
exit
strcpy
sprintf
strcat
memmove
strlen
abs
memset
_except_handler3
strstr
__setusermatherr
_strnicmp
_strlwr
_stricmp
_ltoa
_strrev

msvcirt

??0ifstream@@QAE@PBDHH@Z
??7ios@@QBEHXZ
??_Difstream@@QAEXXZ
?eof@ios@@QBEHXZ
?getline@istream@@QAEAAV1@PADHD@Z
?close@ifstream@@QAEXXZ
?openprot@filebuf@@2HB
??0ofstream@@QAE@PBDHH@Z
??6ostream@@QAEAAV0@PBD@Z
??_Dofstream@@QAEXXZ
?close@ofstream@@QAEXXZ

kernel32

SetErrorMode
lstrcmpiA
GetCommandLineA
GetModuleFileNameA
GetCurrentProcess
GetModuleHandleA
LoadLibraryA
GetProcAddress
GetCurrentProcessId
FreeLibrary
GetEnvironmentVariableA
FindNextFileA
FindFirstFileA
GetComputerNameA
Process32Next
TerminateProcess
GetExitCodeProcess
OpenProcess
Process32First
CreateToolhelp32Snapshot
FindClose
lstrlenA
lstrcatA
GetSystemInfo
lstrcpyA
GetWindowsDirectoryA
SearchPathA
GetLocalTime
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
GetStartupInfoA
CreateProcessA
WaitForSingleObject
Sleep
DeleteFileA
WriteFile
GetVersionExA
MoveFileA
GetFileTime
FileTimeToSystemTime
GetSystemTime
SetFilePointer
CreateFileA
ReadFile
CloseHandle
GetLastError

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d02a683a58d24f4e4d0e1c96ec610b17

Headers

File Characteristics

Imports

wsock32

user32

advapi32

msvcrt

msvcirt

kernel32

Sections

.text Size: 20KB - Virtual size: 19KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 4KB - Virtual size: 136KB

.rsrc Size: 4KB - Virtual size: 928B

.text
Size: 20KB - Virtual size: 19KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 136KB

.rsrc
Size: 4KB - Virtual size: 928B