de887658877446ce2bfe5e95472b9f5b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

de887658877446ce2bfe5e95472b9f5b_JaffaCakes118
Size

212KB
MD5

de887658877446ce2bfe5e95472b9f5b
SHA1

93c5a449bb684ee9257aef09435b572699487142
SHA256

5930e2c14194a3cec37de5d1053e4b72616f5423f2d2b4be8bfcb50e9d3c33c7
SHA512

f63cacb0c30e2e16d425cfe06016018ebe6e850555b32c3d227e78525444ff0a4ec6c75f73b3a4c6cd6a8dd756312b0cc59b5e3faa6e89150a0d5eb1e1d43e0d
SSDEEP

6144:jlhuBf/vCSuOlw7bnOaIaWjoWzYAOxjp8:RhuBf/Q7bnjImwYAOxjp8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
de887658877446ce2bfe5e95472b9f5b_JaffaCakes118

Files

de887658877446ce2bfe5e95472b9f5b_JaffaCakes118
.exe windows:4 windows x86 arch:x86

44ecac670dcfe327c49e787740dc43f3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentThreadId
SetThreadPriority
CreateFileW
CreateNamedPipeW
lstrlenW
CreateMutexW
CreateThread
ReleaseMutex
ExitThread
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
Sleep
WideCharToMultiByte
WriteFile
MultiByteToWideChar
SetEvent
WaitForMultipleObjects
PeekNamedPipe
HeapValidate
HeapSize
HeapFree
GetProcessHeap
HeapAlloc
ConnectNamedPipe
GetLastError
ResetEvent
WaitForSingleObject
ReadFile
GetOverlappedResult
IsBadCodePtr
CancelIo
DisconnectNamedPipe
CloseHandle
GetTickCount
TerminateThread
CreateEventW
CreateEventA
GetModuleHandleA
GetStartupInfoW
GetModuleHandleW
CreateMutexA
CallNamedPipeA
TlsAlloc
SetLastError
OutputDebugStringA
CreateFileA
GetVersionExA
LoadLibraryA
GetProcAddress
DeviceIoControl
FreeLibrary

user32

CreateWindowExW
DefWindowProcW
CallWindowProcW
GetDlgItem
CheckDlgButton
CheckRadioButton
PostMessageW
PostQuitMessage
CharUpperW
DispatchMessageW
GetMessageW
RegisterClassExW
UpdateWindow
ShowWindow
PeekMessageA
DestroyWindow
IsWindow
SetClassLongW
PostMessageA

advapi32

RegQueryValueExA
CryptAcquireContextA
CryptReleaseContext
CryptSetProvParam
CryptDestroyKey
CryptEncrypt
CryptExportKey
CryptGenKey
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
CryptGetUserKey
CryptDecrypt
CryptImportKey
RegCloseKey
RegOpenKeyExA
RegCreateKeyExA
RegDeleteKeyA
RegEnumKeyExA
RegDeleteValueA
RegSetValueExA

ole32

CoTaskMemFree
StringFromCLSID
CLSIDFromString

oleaut32

SysAllocString
SysAllocStringLen
SysFreeString
SysStringLen

msvcp60

??0_Lockit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ

wbtapi

??0CWBtAPI@@QAE@XZ
?ClearDeviceStatusCallback@CWBtAPI@@QAE?AW4WBtRc@@XZ
?ConnectToServer@CWBtAPI@@QAE?AW4WBtRc@@_NI00@Z
??1CWBtAPI@@QAE@XZ
?SetOnDeviceStatusCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXJJ@Z0@Z
?GapStartInquiry@CWBtAPI@@QAE?AW4WBtRc@@XZ
?BtmDeviceIsReady@CWBtAPI@@QAEHXZ
?MapGuidToUuid@@YAXPAU_GUID@@PAUtBT_UUID@@@Z
?SetOnInquiryCompleteCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXJF@Z0@Z
?SetOnDeviceFoundCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXQAE11H@Z0@Z
?GapStopInquiry@CWBtAPI@@QAE?AW4WBtRc@@XZ
?ClearInquiryCompleteCallback@CWBtAPI@@QAE?AW4WBtRc@@XZ
?ClearDeviceFoundCallback@CWBtAPI@@QAE?AW4WBtRc@@XZ
?GapStartDiscovery@CWBtAPI@@QAE?AW4WBtRc@@PAEH@Z
?GapStartServiceDiscovery@CWBtAPI@@QAE?AW4WBtRc@@PAEU_GUID@@H@Z
?SetOnDiscoveryEventCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXQAEGJ@Z0@Z
?GapGetAvailableServices@CWBtAPI@@QAE?AW4WBtRc@@QAEPAHHPAUtBT_SERVICE_INFO@@@Z
?GapBond@CWBtAPI@@QAE?AW4WBtRc@@QAEJ0J@Z

msvcrt

__CxxFrameHandler
_CxxThrowException
wcscpy
sprintf
??2@YAPAXI@Z
wcscmp
wcslen
wcsncat
free
malloc
strncpy
_beginthreadex
vsprintf
isdigit
toupper
_mbscmp
sscanf
atoi
strstr
_purecall
__dllonexit
_onexit
??1type_info@@UAE@XZ
_except_handler3
?terminate@@YAXXZ
_exit
_XcptFilter
exit
_wcmdln
__wgetmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
_strupr

ws2_32

ntohl
bind
socket
WSAStartup
sendto

Exports

Exports

sdk_close
sdk_init

Sections

.text
Size: 87KB - Virtual size: 87KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 280KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 113KB - Virtual size: 116KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

44ecac670dcfe327c49e787740dc43f3

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

msvcp60

wbtapi

msvcrt

ws2_32

Exports

Exports

Sections

.text Size: 87KB - Virtual size: 87KB

.data Size: 8KB - Virtual size: 280KB

.rsrc Size: 1KB - Virtual size: 1KB

.text Size: 113KB - Virtual size: 116KB

.text
Size: 87KB - Virtual size: 87KB

.data
Size: 8KB - Virtual size: 280KB

.rsrc
Size: 1KB - Virtual size: 1KB

.text
Size: 113KB - Virtual size: 116KB