db954035973b5c434b53be461d996804_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

db954035973b5c434b53be461d996804_JaffaCakes118
Size

21KB
MD5

db954035973b5c434b53be461d996804
SHA1

d902d17a07a6343620e60839b47888d603a76591
SHA256

d29ad13b2773e1c27bd7243abaf5ef6aebafec952223493037f13cc9c169e3f8
SHA512

8a61a4cae43c87fe9dafc0d6a9a813a3acb6232e94e063a7c168cb465e7ce9c45d3b8f00d543a37b00f33a2deb0d8e4f3b0f4a37b26eaa825dd961f477975ca0
SSDEEP

384:0/+UP9wiG57JJkIDdbhUbkjVPd6e/GKkfyIiWaadmaXwHUN1FT2982:Gf9nE7lDbUIjV1d7Ii7mmaLzl52

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
db954035973b5c434b53be461d996804_JaffaCakes118

Files

db954035973b5c434b53be461d996804_JaffaCakes118
.exe windows:4 windows x86 arch:x86

897e04645822085d1d7d97b9f94a5bee

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetThreadPriority
GetCurrentThread
SetPriorityClass
GetCurrentProcess
lstrcatA
SetProcessPriorityBoost
GetEnvironmentVariableA
GetShortPathNameA
GetModuleFileNameA
InitializeCriticalSection
GetModuleHandleA
GetLastError
GetProcessHeap
HeapFree
HeapAlloc
SetEvent
GetCurrentDirectoryA
CreatePipe
GetStartupInfoA
ResetEvent
CreateProcessA
ReadFile
CreateEventA
Sleep
WaitForSingleObject
CloseHandle
lstrcpyA
GetTickCount
EnterCriticalSection
LeaveCriticalSection
WideCharToMultiByte
GetProcAddress
OpenProcess
TerminateProcess
MultiByteToWideChar
lstrcpynA
lstrlenA
FreeLibrary
LoadLibraryA
GetVersionExA
DeleteCriticalSection

msvcrt

_exit
_onexit
__dllonexit
_XcptFilter
_ftol
time
srand
exit
_acmdln
__getmainargs
??1type_info@@UAE@XZ
_initterm
free
_adjust_fdiv
realloc
malloc
_CxxThrowException
memmove
_chdir
_strnicmp
_wcsnicmp
__setusermatherr
_except_handler3
__set_app_type
__p__fmode
__p__commode
strncmp
rand
abs
sprintf
__CxxFrameHandler
_endthreadex
atof
strncpy
strcat
strcpy
memset
memcpy
strstr
strncat
sscanf
strlen
atoi
??2@YAPAXI@Z
_beginthreadex
??3@YAXPAX@Z
_controlfp

ws2_32

closesocket
WSACloseEvent
gethostname
gethostbyname
inet_ntoa
send
WSAGetLastError
WSAResetEvent
WSAEnumNetworkEvents
ioctlsocket
recv
inet_addr
htons
WSAStartup
WSACreateEvent
WSASocketA
connect
WSAEventSelect
WSAWaitForMultipleEvents

shell32

ShellExecuteExA

msvcp60

??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
??0?$basic_fstream@DU?$char_traits@D@std@@@std@@QAE@PBDH@Z
?_Fpz@std@@3_JB
??0_Lockit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@V?$fpos@H@2@@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PADH@Z
??_D?$basic_fstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??1?$basic_fstream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_fstream@DU?$char_traits@D@std@@@std@@QAE@XZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBDH@Z
?close@?$basic_fstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?open@?$basic_fstream@DU?$char_traits@D@std@@@std@@QAEXPBDH@Z
?seekp@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@JW4seekdir@ios_base@2@@Z
?tellp@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@H@2@XZ

crypt32

CertGetCertificateChain
CertVerifyCertificateChainPolicy
CertFreeCertificateContext
CertFreeCertificateChain

advapi32

CreateProcessAsUserA
GetTokenInformation
LookupAccountSidA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
LogonUserA

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

897e04645822085d1d7d97b9f94a5bee

Headers

File Characteristics

Imports

kernel32

msvcrt

ws2_32

shell32

msvcp60

crypt32

advapi32

Sections

.text Size: 12KB - Virtual size: 12KB

.rdata Size: 6KB - Virtual size: 5KB

.data Size: 1KB - Virtual size: 10KB

.text
Size: 12KB - Virtual size: 12KB

.rdata
Size: 6KB - Virtual size: 5KB

.data
Size: 1KB - Virtual size: 10KB