e1e8ca7f6b2f885e01ec6a974b2ac2a2_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

e1e8ca7f6b2f885e01ec6a974b2ac2a2_JaffaCakes118
Size

52KB
MD5

e1e8ca7f6b2f885e01ec6a974b2ac2a2
SHA1

b556f4d6c034f369ae93eac08200ac935d239893
SHA256

b9286c5fc0b7143364b90b5b7e8aeabfcd6d851429012061d9b515ae7ff4d8b4
SHA512

dbf81316e6dfacdcfa8789dfea73ecc4d86333f74c35615901125e71698230d14cf9aa697c438f58d688b430afbf2ab02c6dd166e0fb18be149ee652fd598cc0
SSDEEP

768:eKr8oCoZ7m7VIlWBfqvTcO1d+w6viBEdZjfbGRDdM1:P7iDvvkEzGpdM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e1e8ca7f6b2f885e01ec6a974b2ac2a2_JaffaCakes118

Files

e1e8ca7f6b2f885e01ec6a974b2ac2a2_JaffaCakes118
.exe windows:4 windows x86 arch:x86

2a5bd2a4c5888288b20e17e2790371d2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetDriveTypeA
GetLogicalDriveStringsA
GetExitCodeProcess
CloseHandle
TerminateProcess
GetDiskFreeSpaceExA
DeviceIoControl
ReadDirectoryChangesW
CreateFileA
GetCurrentThreadId
GetCurrentProcessId
lstrcmpiA
MapUserPhysicalPages
FreeUserPhysicalPages
EnterCriticalSection
GetCurrentProcess
GetQueuedCompletionStatus
PostQueuedCompletionStatus
CreateIoCompletionPort
GetStartupInfoA
CreateProcessA
GetLastError
CreateMutexA
GetSystemTimeAsFileTime
VirtualAlloc
WriteFile
ReadFile
GetFileSize
SetFilePointerEx
AllocateUserPhysicalPages
LeaveCriticalSection
VirtualFree
DeleteCriticalSection
InitializeCriticalSection
GetModuleFileNameA
LoadLibraryA
VirtualAlloc
GetModuleFileNameA
ExitProcess

msvcrt

_memicmp
_strnicmp
_stricmp
_beginthreadex
_purecall
scanf
printf
_controlfp
_except_handler3
__set_app_type
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
__p___initenv
exit
_XcptFilter
_exit
_onexit
__dllonexit
atol
strstr
_vsnprintf
strchr
strrchr
sprintf
??2@YAPAXI@Z
??3@YAXPAX@Z
_sleep
__CxxFrameHandler
__p__fmode

ws2_32

getpeername
setsockopt
accept
WSARecv
WSASend
WSAGetLastError
socket
htons
listen
WSAStartup
bind
shutdown
closesocket

advapi32

CreateServiceA
QueryServiceConfigA
ControlService
StartServiceA
OpenServiceA
QueryServiceStatus
DeleteService
OpenSCManagerA
SetServiceStatus
RegisterServiceCtrlHandlerA
StartServiceCtrlDispatcherA
CloseServiceHandle
ChangeServiceConfig2A

user32

MessageBoxA

Sections

.text
Size: - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Enc0
Size: - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_WRITE

.Enc1
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2a5bd2a4c5888288b20e17e2790371d2

Headers

File Characteristics

Imports

kernel32

msvcrt

ws2_32

advapi32

user32

Sections

.text Size: - Virtual size: 17KB

.rdata Size: - Virtual size: 3KB

.data Size: - Virtual size: 1.5MB

.Enc0 Size: - Virtual size: 12KB

.Enc1 Size: 44KB - Virtual size: 41KB

.reloc Size: 4KB - Virtual size: 52B

.text
Size: - Virtual size: 17KB

.rdata
Size: - Virtual size: 3KB

.data
Size: - Virtual size: 1.5MB

.Enc0
Size: - Virtual size: 12KB

.Enc1
Size: 44KB - Virtual size: 41KB

.reloc
Size: 4KB - Virtual size: 52B