ddb01cedbffd0043c3f2c3b75c909b32_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ddb01cedbffd0043c3f2c3b75c909b32_JaffaCakes118
Size

157KB
MD5

ddb01cedbffd0043c3f2c3b75c909b32
SHA1

b91ea26a9f1c8cef2d1f5c44e08aea2356e35a97
SHA256

36e74c844d5df3103e9c5773314026a43f4e0c5285f420483f3da863566c54a5
SHA512

4816bf674a905a8261219dccea2c84a444225c068cc15e37f0ede6817225242d994d3d8cfd1126c7035373834d700d76a00e757d0137e6c87ea1f13d7f80df40
SSDEEP

3072:SYWsyA+V8aKH20ll7DqhVe42p9BX8/A1zij:NyA+iXHlll7DqhV8/kSmj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ddb01cedbffd0043c3f2c3b75c909b32_JaffaCakes118

Files

ddb01cedbffd0043c3f2c3b75c909b32_JaffaCakes118
.exe windows:1 windows x86 arch:x86

159d3d46e91fee8f260af33194e199c3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

ShellExecuteW

kernel32

FindFirstFileA
LocalFree
GetConsoleWindow
CreateSemaphoreA
InitializeCriticalSection
WriteFile
GetModuleFileNameA
VirtualFree
GetSystemDefaultLCID
CreateFileW
DefineDosDeviceW
CreateFileA
GetModuleHandleA
DeleteFileA
ReadFile
GetSystemDirectoryW
GetLastError
EnterCriticalSection
GetWindowsDirectoryA
DeleteFileW
GetSystemDirectoryA
OpenProcess
GetFileSizeEx
CloseHandle
FindClose
Thread32First
Sleep
lstrcatA
FindNextFileA
GetCurrentProcess
LeaveCriticalSection
CreateJobSet
GetCommTimeouts
GlobalFree
VirtualAlloc
SetConsoleWindowInfo
EnumResourceLanguagesA
lstrcatW
HeapWalk
LocalHandle
GetVolumePathNamesForVolumeNameW
GetProcAddress
CreateMailslotW
FindActCtxSectionStringW
GetConsoleInputWaitHandle
GetTickCount
DuplicateHandle
RequestWakeupLatency
GetFileAttributesW
lstrcpyW
lstrlenA
GetLocaleInfoA
FindResourceA
CopyFileA
lstrcpyA

advapi32

OpenSCManagerA
OpenProcessToken
EnumServicesStatusA
RegCreateKeyA
CredReadDomainCredentialsA
DeleteService
RegSetValueExA
LookupPrivilegeValueA
RegCloseKey
RegOpenKeyA
AdjustTokenPrivileges
RegisterEventSourceA
BuildImpersonateTrusteeA
CloseServiceHandle
LsaQueryDomainInformationPolicy
RegQueryValueExA

ntdll

strncmp
memset
isdigit
isspace
NtQuerySystemInformation
vsprintf
tolower
strlen
sprintf
wcsstr
_chkstk
RtlInitAnsiString
strstr
RtlFreeUnicodeString
ZwLoadDriver
memcpy
RtlAnsiStringToUnicodeString
NtQueryObject

psapi

EnumProcesses
GetProcessImageFileNameA

ws2_32

WSASetServiceW
inet_addr
send
gethostbyname
WSAAsyncGetHostByAddr
WSCGetProviderPath
select
htonl
socket
WSAResetEvent
recv
connect
htons
__WSAFDIsSet
closesocket
WSAStartup

ole32

CoCreateGuid

user32

ExitWindowsEx
CharLowerW
GetClassNameA

Sections

.data
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 512B - Virtual size: 396B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

159d3d46e91fee8f260af33194e199c3

Headers

File Characteristics

Imports

shell32

kernel32

advapi32

ntdll

psapi

ws2_32

ole32

user32

Sections

.data Size: 21KB - Virtual size: 20KB

.text Size: 512B - Virtual size: 396B

.idata Size: 3KB - Virtual size: 2KB

.data
Size: 21KB - Virtual size: 20KB

.text
Size: 512B - Virtual size: 396B

.idata
Size: 3KB - Virtual size: 2KB