d0f2f9beb2a13407d04303419b794260_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d0f2f9beb2a13407d04303419b794260_JaffaCakes118
Size

33KB
MD5

d0f2f9beb2a13407d04303419b794260
SHA1

2b37e50faa6fef8faf66001e5fe321e0d9d757c1
SHA256

1cedffc8055e1c89fb6972fe8a90d26419890a6b5628e94cf145687d0a7bff41
SHA512

52ec15b15813463a7c3098ed7c2dd4b97a2c5dcdc97ea8fab3f977140d4ebcf924eef80d89b294a7d64e71c1ffce88c8d24142cba3d2472606ae5b861c342961
SSDEEP

384:gqE8ApYk8UjmUoEEAKAQLbQDNZRLrg/G2Mw0l4aXHV+WlRuk7NbH:nE8Ur3oEbAsDNZtrgY/3x9lH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d0f2f9beb2a13407d04303419b794260_JaffaCakes118

Files

d0f2f9beb2a13407d04303419b794260_JaffaCakes118
.exe windows:4 windows x86 arch:x86

da44c3cf294d818e8b55e30282235ae9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_SYSTEM

Imports

advapi32

RegCloseKey
RegOpenKeyExA
RegSetValueExA

kernel32

AddAtomA
CloseHandle
CopyFileA
CreateFileA
CreateMutexA
CreateProcessA
CreateThread
ExitProcess
FindAtomA
GetAtomNameA
GetCommandLineA
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetStartupInfoA
GetSystemTime
GetTickCount
GetWindowsDirectoryA
SetUnhandledExceptionFilter
Sleep
WriteFile

mpr

WNetAddConnection2A
WNetCancelConnectionA

msvcrt

__getmainargs
__p__environ
__p__fmode
__set_app_type
_cexit
_iob
_onexit
_setmode
abort
atexit
fflush
fprintf
free
malloc
memset
rand
signal
sprintf
srand
strcat
strlen

shell32

ShellExecuteA

user32

MessageBoxA

ws2_32

WSAStartup
accept
bind
closesocket
gethostbyname
htonl
htons
listen
recv
select
send
socket

Exports

Exports

AutoStart
BackDoor@4
L0cal@4
NetSpread
Payload
WinMain@16
extra@4

Sections

.data
Size: 512B - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ctors
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1024B - Virtual size: 672B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 176B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 188B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 432B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

da44c3cf294d818e8b55e30282235ae9

Headers

File Characteristics

Imports

advapi32

kernel32

mpr

msvcrt

shell32

user32

ws2_32

Exports

Exports

Sections

.data Size: 512B - Virtual size: 192B

.ctors Size: 512B - Virtual size: 4B

.rdata Size: 1024B - Virtual size: 672B

.bss Size: - Virtual size: 176B

.edata Size: 512B - Virtual size: 188B

.idata Size: 2KB - Virtual size: 1KB

.text Size: 6KB - Virtual size: 5KB

.reloc Size: 512B - Virtual size: 432B

.data
Size: 512B - Virtual size: 192B

.ctors
Size: 512B - Virtual size: 4B

.rdata
Size: 1024B - Virtual size: 672B

.bss
Size: - Virtual size: 176B

.edata
Size: 512B - Virtual size: 188B

.idata
Size: 2KB - Virtual size: 1KB

.text
Size: 6KB - Virtual size: 5KB

.reloc
Size: 512B - Virtual size: 432B