db2af55aa4fc468e0d19a521dbcbce7e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

db2af55aa4fc468e0d19a521dbcbce7e_JaffaCakes118
Size

35KB
MD5

db2af55aa4fc468e0d19a521dbcbce7e
SHA1

b0106ee12bfeb4de845cc34bede5887c80a42ba7
SHA256

3a13281fd92382f3020f52dbaa8e0b6d190ed9ce2a241f5ed8f4131367645974
SHA512

8f0a44a84939d65c195f2da5d77e4fb90bb06653f862e110d51e488f38aad158c198ca5212a004614d8233744c3ffd77469a8af83a11047ff34b54b93aaeb152
SSDEEP

768:MPB9hg4GvNoUD5gv7AEIFztbPsbt5GdzyLo:kBavBDM7cbs5GdzO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
db2af55aa4fc468e0d19a521dbcbce7e_JaffaCakes118

Files

db2af55aa4fc468e0d19a521dbcbce7e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

dc03e794b7c89d2f3e9421a018a8a651

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegSetValueExA
RegCreateKeyExA
RegCloseKey

shell32

ShellExecuteA

ws2_32

WSACleanup
socket
ioctlsocket
connect
WSAStartup
WSASocketA
setsockopt
htons
sendto
closesocket

msvcrt

_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
_XcptFilter
_exit
_onexit
__dllonexit
memcmp
strtok
_snprintf
_vsnprintf
??1type_info@@UAE@XZ
strchr
strstr
??2@YAPAXI@Z
??3@YAXPAX@Z
_EH_prolog
__CxxFrameHandler
strcpy
strlen
strncpy
malloc
free
strcat
atoi
rand
strcmp
memcpy
memset
srand
sprintf
wcslen
_CxxThrowException
exit

user32

FindWindowExA
SendMessageA
MessageBoxA
GetWindowTextA
SwitchToThisWindow
BlockInput
keybd_event
SetForegroundWindow
SetFocus
VkKeyScanA
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
GetMenu
FindWindowA
IsWindow
ShowWindow

ole32

CoInitialize
CoUninitialize
CoCreateInstance

oleaut32

VariantClear
SysFreeString
SysAllocString
VariantInit

kernel32

GetTickCount
ExitThread
QueryPerformanceFrequency
LocalFree
WideCharToMultiByte
GetStartupInfoA
GetFileAttributesA
CreateMutexA
ReleaseMutex
ExpandEnvironmentStringsA
ExitProcess
Sleep
WaitForSingleObject
CreateProcessA
GetLastError
CloseHandle
WriteFile
CreateFileA
GlobalUnlock
GlobalLock
GlobalAlloc
InterlockedDecrement
CopyFileA
GetModuleFileNameA
lstrlenA
SetFileAttributesA
CreateDirectoryA
lstrcatA
GetDriveTypeA
GetLogicalDriveStringsA
GetTempPathA
CreateThread
lstrcmpiA
GetLocaleInfoA
GetVersionExA
LoadLibraryA
GetProcAddress
GetModuleHandleA
TerminateThread
QueryPerformanceCounter

Sections

.text
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 274KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dc03e794b7c89d2f3e9421a018a8a651

Headers

File Characteristics

Imports

advapi32

shell32

ws2_32

msvcrt

user32

ole32

oleaut32

kernel32

Sections

.text Size: 21KB - Virtual size: 20KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 5KB - Virtual size: 274KB

.rsrc Size: 4KB - Virtual size: 4KB

.text
Size: 21KB - Virtual size: 20KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 5KB - Virtual size: 274KB

.rsrc
Size: 4KB - Virtual size: 4KB