e25cb1a37626362ed24dd656b9eb78c0_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

e25cb1a37626362ed24dd656b9eb78c0_JaffaCakes118
Size

536KB
MD5

e25cb1a37626362ed24dd656b9eb78c0
SHA1

3d2f9246c610f2dd5f7a55f7c2d6b56be12e1ed7
SHA256

44c582ba7daefd2822fb4ac283ff35f7417318e93c74f3127ac4dc48bc54d6e3
SHA512

9b57b5861ee04d4b29d3d0a8033ceb5da3b537c23b7a369870d50c994a3edbad9b5c680ba49f90452453caa2c3ab4d86e2d8e22921c026971f38dcf9bf01ec83
SSDEEP

12288:9MMnMMMMMULyhQP47N3hvEZijBuStWUNCUmBSOU9f6HDkr1xEFHtMkxjQhdp2J1:9MMnMMMMM9QP47NRvyduNC5EfIU/QHtJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e25cb1a37626362ed24dd656b9eb78c0_JaffaCakes118

Files

e25cb1a37626362ed24dd656b9eb78c0_JaffaCakes118
.exe windows:4 windows x86 arch:x86

0a2ec892cd36f6e068f05e6e71146923

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

dnsapi

DnsReplaceRecordSetW

advapi32

RegEnumValueW
SetServiceStatus
CryptAcquireContextW
RegOpenKeyExW
RegisterServiceCtrlHandlerW
CryptReleaseContext
RegCloseKey
RegEnumKeyExW
CryptGenRandom
RegQueryValueExW

kernel32

FreeLibrary
ReleaseMutex
HeapReAlloc
GetCurrentThreadId
RegisterWaitForSingleObject
WaitForSingleObject
LoadLibraryW
CloseHandle
ChangeTimerQueueTimer
InterlockedIncrement
GetSystemTimeAsFileTime
DeleteCriticalSection
ExpandEnvironmentStringsW
BindIoCompletionCallback
HeapCreate
MultiByteToWideChar
InitializeCriticalSection
InterlockedExchange
CreateEventW
CreateMutexA
GetComputerNameExW
WriteFile
HeapFree
Sleep
HeapAlloc
CreateFileW
DisableThreadLibraryCalls
UnregisterWaitEx
CreateTimerQueueTimer
GetCurrentProcess
WideCharToMultiByte
HeapDestroy
UnhandledExceptionFilter
TerminateProcess
SetUnhandledExceptionFilter
SetEvent
QueryPerformanceCounter
SetLastError
InterlockedDecrement
GetProcAddress
LeaveCriticalSection
UnregisterWait
DeleteTimerQueueTimer
ReadFile
CreateTimerQueue
GetCurrentProcessId
VirtualAlloc
CreateMutexW
DeleteTimerQueue
GetLastError
QueueUserWorkItem
DeviceIoControl

ntdll

RtlAdjustPrivilege
NtWaitForMultipleObjects
RtlGUIDFromString

mswsock

AcceptEx
GetAcceptExSockaddrs

ddraw

DirectDrawCreate

msvcrt

wcscpy
wcscat
wcschr
wcslen
free
memcmp
swprintf
memcpy
malloc
wcscmp
_except_handler3
wcsncpy
memset
memmove
_adjust_fdiv
_initterm
_wcsicmp
strlen

ws2_32

WSASocketW
WSAIoctl
WSAEventSelect
WSAAddressToStringA
WSAAddressToStringW
getnameinfo
WSASendTo
getaddrinfo
freeaddrinfo
WSAStringToAddressA
WSALookupServiceBeginW
WSARecvFrom
WSALookupServiceEnd
WSALookupServiceNextW

ole32

CoTaskMemFree
CoUninitialize
CoCreateInstance
CoInitializeEx

iphlpapi

GetAdaptersAddresses
NotifyAddrChange
GetAdaptersInfo
NotifyRouteChange

Sections

.text
Size: 4KB - Virtual size: 876B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rdata
Size: 424KB - Virtual size: 422KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0a2ec892cd36f6e068f05e6e71146923

Headers

File Characteristics

Imports

dnsapi

advapi32

kernel32

ntdll

mswsock

ddraw

msvcrt

ws2_32

ole32

iphlpapi

Sections

.text Size: 4KB - Virtual size: 876B

.idata Size: 4KB - Virtual size: 3KB

.rsrc Size: 88KB - Virtual size: 87KB

.data Size: 8KB - Virtual size: 2.0MB

.reloc Size: 4KB - Virtual size: 64B

.rdata Size: 424KB - Virtual size: 422KB

.text
Size: 4KB - Virtual size: 876B

.idata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 88KB - Virtual size: 87KB

.data
Size: 8KB - Virtual size: 2.0MB

.reloc
Size: 4KB - Virtual size: 64B

.rdata
Size: 424KB - Virtual size: 422KB