c78a9e72d26c3e90548b09813d0027ec_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

c78a9e72d26c3e90548b09813d0027ec_JaffaCakes118
Size

25KB
MD5

c78a9e72d26c3e90548b09813d0027ec
SHA1

0f7f1f65d1bb72cea84f943331e79bb0e73306f6
SHA256

b197e51dcce1385c8c87c722d685fbcb3ffc243bf923c136571a27dcdd55e298
SHA512

b0964e462321bc767e7d5498b50ea96338ab5ae527992865dee9ee702542fcccae174680df4bd8da2408527f52d860ff924fefae56639e40a5681a3860bbb01d
SSDEEP

768:mbs7ODEYqegNp5qKaSx/7h69RHRI6/oM:XKDEYqJh5/N69RHu6/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c78a9e72d26c3e90548b09813d0027ec_JaffaCakes118

Files

c78a9e72d26c3e90548b09813d0027ec_JaffaCakes118
.exe windows:4 windows x86 arch:x86

14f11c9645f2d9ee6cebc7d63502b195

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ddraw

D3DParseUnknownCommand
CompleteCreateSysmemSurface
AcquireDDThreadLock
DDInternalUnlock
DDInternalLock
ReleaseDDThreadLock

kernel32

QueryPerformanceCounter
GetVersionExA
GetCurrentThreadId
GetCurrentProcess
GetSystemInfo
VirtualFree
TerminateProcess
SetUnhandledExceptionFilter
LocalReAlloc
GetSystemTimeAsFileTime
GetCurrentProcessId
GetModuleFileNameA
GetModuleHandleA
UnhandledExceptionFilter
GetTickCount
GetProcAddress
LocalAlloc
Sleep
IsBadReadPtr
DisableThreadLibraryCalls
LocalFree
IsBadCodePtr
LoadLibraryA
FreeLibrary
VirtualAlloc

ws2_32

WSAGetLastError

advapi32

RegOpenKeyExA
RegOpenKeyA
RegSetValueExA
RegCloseKey
RegQueryValueExA
RegCreateKeyA

ntdll

NtCreateKey

msvcrt

fseek
fclose
__CxxFrameHandler
free
_CxxThrowException
__dllonexit
_CIexp
fflush
fwrite
_CIpow
_except_handler3
malloc
_initterm
exp
_onexit
ftell
sprintf
fopen
_purecall
_adjust_fdiv
_CIsqrt

user32

IsRectEmpty
IntersectRect

dhcpcsvc

McastApiStartup

Sections

.textbss
Size: - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 216B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

14f11c9645f2d9ee6cebc7d63502b195

Headers

File Characteristics

Imports

ddraw

kernel32

ws2_32

advapi32

ntdll

msvcrt

user32

dhcpcsvc

Sections

.textbss Size: - Virtual size: 96KB

.text Size: 512B - Virtual size: 436B

.idata Size: 22KB - Virtual size: 22KB

.rdata Size: 512B - Virtual size: 32B

.data Size: 512B - Virtual size: 216B

.textbss
Size: - Virtual size: 96KB

.text
Size: 512B - Virtual size: 436B

.idata
Size: 22KB - Virtual size: 22KB

.rdata
Size: 512B - Virtual size: 32B

.data
Size: 512B - Virtual size: 216B