df8deab24fbd01d7ba78c292dfc2dae7_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

df8deab24fbd01d7ba78c292dfc2dae7_JaffaCakes118
Size

76KB
MD5

df8deab24fbd01d7ba78c292dfc2dae7
SHA1

3d49e9d22dd43b3caddaa4829349713ef2c16ed2
SHA256

5ba26a339bb8e7412ce332e194439a2be000644694d302d8d7a14361e111fd54
SHA512

f949493687b6f70d923961b9bd90b957372c666f9b732dae71e36df6f99e732ddf84e2ded696b2fef857511d03e7bda1d30e75e630b9c5be071575a76cc20bb9
SSDEEP

768:+CPERzS9Bb5XU4No3WYc5PueI6hyaqzD+Vv+5fHytfe8jpnZQlnE0:Fc0PdXUU+iNjI+yaqaWRGDkE0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
df8deab24fbd01d7ba78c292dfc2dae7_JaffaCakes118

Files

df8deab24fbd01d7ba78c292dfc2dae7_JaffaCakes118
.exe windows:4 windows x86 arch:x86

af05a99f87f4f8ed59985b619cda305d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\ProjectsVSNet\Dasha v1.1\Release\Dasha.pdb

Imports

kernel32

GetLastError
CreateMutexA
GetCurrentThreadId
lstrlenA
lstrcatA
lstrcpyA
DeleteFileA
Sleep
FindClose
FindNextFileA
lstrcmpA
FindFirstFileA
SetCurrentDirectoryA
CopyFileA
GetModuleFileNameA
GetEnvironmentVariableA
GetComputerNameA
ReadFile
GetFileSize
CreateFileA
WriteFile
LCMapStringW
LCMapStringA
VirtualQuery
GetSystemInfo
VirtualProtect
GetLocaleInfoA
CloseHandle
SetEndOfFile
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
GetCPInfo
GetOEMCP
GetACP
GetStringTypeW
MultiByteToWideChar
GetStringTypeA
LoadLibraryA
SetFilePointer
FlushFileBuffers
SetStdHandle
IsBadWritePtr
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetFileType
SetHandleCount
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetStdHandle
GetModuleHandleA
CreateThread
GlobalLock
GetSystemDirectoryA
HeapSize
GlobalUnlock
HeapAlloc
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetCurrentProcess
TerminateProcess
GetProcAddress
HeapFree
GetVersionExA
GetCommandLineA
GetStartupInfoA
RtlUnwind
GetSystemTimeAsFileTime
ExitProcess

user32

CreateWindowExA
ShowWindow
EndDialog
CloseClipboard
UpdateWindow
OpenClipboard
SendMessageA
DialogBoxParamA
DestroyWindow
DefWindowProcA
PostQuitMessage
SetClipboardViewer
GetClipboardData
GetForegroundWindow
GetWindowThreadProcessId
GetWindowTextA
GetKeyboardLayout
CallNextHookEx
AttachThreadInput
GetKeyboardState
ToAsciiEx
FindWindowA
LoadStringA
LoadAcceleratorsA
SetWindowsHookExA
GetMessageA
TranslateAcceleratorA
TranslateMessage
DispatchMessageA
LoadIconA
LoadCursorA
RegisterClassExA
BeginPaint
EndPaint
ChangeClipboardChain

advapi32

RegOpenKeyA
RegSetValueExA
RegCloseKey
RegQueryValueExA
GetUserNameA

shell32

ShellExecuteA

ws2_32

htons
WSAStartup
connect
recv
closesocket
socket
inet_addr
send

shlwapi

PathRemoveFileSpecA

wininet

InternetCloseHandle
InternetOpenA
InternetReadFile
InternetOpenUrlA

Sections

.text
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

af05a99f87f4f8ed59985b619cda305d

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ws2_32

shlwapi

wininet

Sections

.text Size: 36KB - Virtual size: 33KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 4KB - Virtual size: 8KB

.rsrc Size: 24KB - Virtual size: 20KB

.text
Size: 36KB - Virtual size: 33KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 4KB - Virtual size: 8KB

.rsrc
Size: 24KB - Virtual size: 20KB