Static task: static1
Behavioral task: behavioral1
Sample: dc9e2cc98b0524c2b5abaad61fb91e58_JaffaCakes118.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: dc9e2cc98b0524c2b5abaad61fb91e58_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
Target: dc9e2cc98b0524c2b5abaad61fb91e58_JaffaCakes118
Size: 436KB
MD5: dc9e2cc98b0524c2b5abaad61fb91e58
SHA1: 4fd78daa5a09be4d101ab770bb1dc4d82738252f
SHA256: 399a07cb8e62e14926c917d66f33b1d2e441a8fc795ca26ac00514f8d96ce638
SHA512: d2c298bb706c81a0016143d7884f3e79c79007a7f332beae0037eb82e61ac087cdb0b29c1e2c57f45924d6616bcee0976ad8f401962bbeef5eac1b4558ad29e0
SSDEEP: 6144:X3FY67ilNJFDUHsUYkVNTiAMHP8PmyCFvk/wVqAXB/LpcF/xjKDeMs3H3A4pTBy:lZ2HGNTiAMHPqCc45qBH1pTc
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource dc9e2cc98b0524c2b5abaad61fb91e58_JaffaCakes118
Files
dc9e2cc98b0524c2b5abaad61fb91e58_JaffaCakes118.exe windows:4 windows x86 arch:x86
bfb31c8096812c70f9f45e5c10271445
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
msvcrt
memset
memcpy
fread
longjmp
_setjmp3
fclose
memmove
atoi
atof
sscanf
wcscmp
wcslen
sprintf
wcscpy
frexp
modf
floor
_CIpow
__p__iob
fprintf
malloc
free
_strdup
realloc
strncmp
strspn
strncpy
strtoul
isdigit
strncat
fflush
exit
getenv
fopen
fgets
isspace
strchr
isalpha
feof
time
fwrite
_errno
isalnum
strstr
isupper
tolower
islower
toupper
strtol
_unlink
strerror
_stat
_rmdir
isxdigit
kernel32
GetModuleHandleW
HeapCreate
VirtualAllocEx
HeapDestroy
ExitProcess
EnterCriticalSection
WaitForSingleObject
LeaveCriticalSection
InitializeCriticalSection
CloseHandle
GetCurrentThreadId
GetCurrentProcessId
HeapAlloc
HeapFree
HeapReAlloc
GetLogicalDriveStringsW
lstrlenA
InterlockedExchange
FormatMessageA
LoadLibraryExA
MoveFileExA
GetLastError
CreateDirectoryA
CreateFileA
MultiByteToWideChar
DeviceIoControl
LocalFree
RemoveDirectoryA
GetFileAttributesExA
LoadLibraryA
GetProcAddress
FreeLibrary
SleepEx
GetFileAttributesA
FindFirstFileA
FindNextFileA
FindClose
WideCharToMultiByte
user32
MessageBoxW
GetWindowThreadProcessId
IsWindowVisible
GetWindowLongA
GetForegroundWindow
IsWindowEnabled
EnableWindow
EnumWindows
SetWindowPos
advapi32
GetUserNameA
comctl32
InitCommonControlsEx
ole32
CoInitialize
secur32
FreeCredentialsHandle
DeleteSecurityContext
InitializeSecurityContextA
FreeContextBuffer
AcquireCredentialsHandleA
wsock32
WSAStartup
WSACleanup
setsockopt
WSAGetLastError
closesocket
socket
connect
htonl
send
WSASetLastError
recv
getsockopt
getsockname
ntohl
ntohs
select
htons
ioctlsocket
inet_ntoa
gethostbyname
shfolder
SHGetFolderPathA
winmm
mciSendCommandW
ntdll
LdrUnloadDll
Sections
.code Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.text Size: 392KB - Virtual size: 391KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 31KB - Virtual size: 31KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 700B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ