c82bd719a171ce21fa3ec6ba76f09c9c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

c82bd719a171ce21fa3ec6ba76f09c9c_JaffaCakes118
Size

576KB
MD5

c82bd719a171ce21fa3ec6ba76f09c9c
SHA1

8ee61aa271853f140d791af82ad373257cd4224f
SHA256

46d66ca93418ff90cdb81a6422071bc342d3c8dc0dc2bc9f95d41e53d94f5148
SHA512

2fb03f1583d02abd241df440906e84efb12d6a6cef4a6f11b15db4202310961a67e1e2b22bbe605c98f158f4d68b5351ccdbfce50a05c59c89b732dc34b90dff
SSDEEP

12288:AqpgqCakyb9YQm56YruwdUmWIWRd14fMU9iLf8wajbzk5hQ:16Qm5PrukRWpm9iLf8wEzkT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c82bd719a171ce21fa3ec6ba76f09c9c_JaffaCakes118

Files

c82bd719a171ce21fa3ec6ba76f09c9c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

12d943108bc435472b21e9987636cc4a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

w:\LMK\Client\Client\bin\release\Client2.pdb

Imports

ws2_32

WSAStartup
closesocket
recv
send
htonl
gethostbyname
inet_ntoa
bind
listen
accept
gethostbyaddr
socket
htons
connect
inet_addr
WSACleanup

iphlpapi

GetAdaptersInfo
GetIpAddrTable

kernel32

CreateFileW
CreateFileA
ReadFile
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidCodePage
IsValidLocale
GetLocaleInfoA
GetStringTypeW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
CopyFileA
Sleep
CreateMutexA
OpenMutexA
DeleteFileA
GetModuleFileNameA
WideCharToMultiByte
GetCommandLineW
SetEvent
CreateEventA
CloseHandle
CreateThread
HeapFree
HeapAlloc
GetProcessHeap
Process32Next
Process32First
CreateToolhelp32Snapshot
GetTickCount
WaitForSingleObject
ExitThread
FindClose
FindNextFileA
FindFirstFileA
GetDriveTypeA
GetLogicalDrives
WinExec
SetEndOfFile
GetFileAttributesA
TerminateProcess
GetStringTypeA
FlushFileBuffers
SetFilePointer
GetConsoleMode
GetConsoleCP
LoadLibraryA
InterlockedIncrement
InterlockedDecrement
GetCommandLineA
GetVersionExA
GetStartupInfoA
RtlUnwind
RaiseException
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleFileNameW
HeapValidate
IsBadReadPtr
GetProcAddress
GetModuleHandleA
ExitProcess
GetSystemTimeAsFileTime
GetLastError
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetCPInfo
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
FatalAppExitA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
HeapDestroy
HeapCreate
VirtualFree
WriteFile
DebugBreak
OutputDebugStringA
WriteConsoleW
OutputDebugStringW
LoadLibraryW
HeapReAlloc
VirtualAlloc
GetACP
GetOEMCP

advapi32

RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
RegOpenKeyExA

shell32

ShellExecuteA
CommandLineToArgvW

ole32

CoCreateInstance

oleaut32

SysAllocString
SysStringLen
SysFreeString

Sections

.text
Size: 456KB - Virtual size: 452KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

12d943108bc435472b21e9987636cc4a

Headers

File Characteristics

PDB Paths

Imports

ws2_32

iphlpapi

kernel32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 456KB - Virtual size: 452KB

.rdata Size: 92KB - Virtual size: 91KB

.data Size: 20KB - Virtual size: 26KB

.rsrc Size: 4KB - Virtual size: 248B

.text
Size: 456KB - Virtual size: 452KB

.rdata
Size: 92KB - Virtual size: 91KB

.data
Size: 20KB - Virtual size: 26KB

.rsrc
Size: 4KB - Virtual size: 248B