ea7707da1b0923024ce3d12077fa0a7d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ea7707da1b0923024ce3d12077fa0a7d_JaffaCakes118
Size

2.6MB
MD5

ea7707da1b0923024ce3d12077fa0a7d
SHA1

5f85f679bc12fd14e5c7ac7e69f6e7d5ef92ae69
SHA256

7be425c40624d1a0c0c19396f315b724c35228f1c6c15febba15497427cd0277
SHA512

f7890959dcb750f00df3510a47e26262a9485aeb68375332c66e47d9278e4f51c84fdc67d5aa687de08e67ed81340ad12d4bac3a308bd67b783873d101b8dda3
SSDEEP

49152:5hMx5WYVyC4bL7/2ooOGNpTDfQAN8BiA1NnL//GDQvV0WClME6:5hMx5WDCEL7edOG7TDNN8BiA1NnT4b6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ea7707da1b0923024ce3d12077fa0a7d_JaffaCakes118

Files

ea7707da1b0923024ce3d12077fa0a7d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

1d7b730ac37e58a43887b8c12ae1cb56

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

inet_ntoa
gethostname
gethostbyname
WSACleanup
WSAStartup
getsockname
htonl
ntohs
recvfrom
bind
sendto
recv
WSAGetLastError
send
select
__WSAFDIsSet
shutdown
socket
setsockopt
connect
closesocket
ioctlsocket
htons
ntohl
inet_addr

mss32

_AIL_stream_status@4
_AIL_open_stream@12
_AIL_start_stream@4
_AIL_pause_stream@8
_AIL_close_stream@4
_AIL_set_stream_volume_pan@12
_AIL_allocate_3D_sample_handle@4
_AIL_set_3D_sample_info@8
_AIL_set_3D_sample_loop_block@12
_AIL_set_3D_sample_loop_count@8
_AIL_allocate_sample_handle@4
_AIL_init_sample@4
_AIL_set_sample_address@12
_AIL_set_sample_type@12
_AIL_set_sample_loop_block@12
_AIL_set_sample_loop_count@8
_AIL_start_sample@4
_AIL_start_3D_sample@4
_AIL_sample_status@4
_AIL_3D_sample_status@4
_AIL_set_3D_sample_distances@12
_AIL_set_3D_position@16
_AIL_set_sample_playback_rate@8
_AIL_set_3D_sample_playback_rate@8
_AIL_set_sample_volume_pan@12
_AIL_set_3D_sample_volume@8
_AIL_resume_sample@4
_AIL_resume_3D_sample@4
_AIL_stop_sample@4
_AIL_stop_3D_sample@4
_AIL_release_sample_handle@4
_AIL_release_3D_sample_handle@4
_AIL_close_3D_provider@4
_AIL_set_3D_rolloff_factor@8
_AIL_open_3D_provider@4
_AIL_set_redist_directory@4
_AIL_quick_startup@20
_AIL_last_error@0
_AIL_quick_handles@12
_AIL_set_file_callbacks@16
_AIL_enumerate_3D_providers@12

binkw32

_BinkNextFrame@4
_BinkCopyToBuffer@28
_BinkOpenMiles@4
_BinkSetSoundSystem@8
_BinkSetVolume@12
_BinkClose@4
_BinkWait@4
_BinkOpen@8
_BinkDoFrame@4

d3d9

Direct3DCreate9

dinput8

DirectInput8Create

winmm

timeGetTime

kernel32

LCMapStringA
HeapSize
HeapReAlloc
SetUnhandledExceptionFilter
HeapFree
HeapCreate
HeapDestroy
GetFileType
SetHandleCount
GetEnvironmentStringsW
WideCharToMultiByte
MultiByteToWideChar
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
HeapAlloc
GetCPInfo
GetOEMCP
VirtualQuery
FlushFileBuffers
GetStringTypeA
GetStringTypeW
IsBadWritePtr
LCMapStringW
FreeEnvironmentStringsW
VirtualProtect
GetACP
GetSystemTimeAsFileTime
RaiseException
RtlUnwind
LoadLibraryA
GetCommandLineA
GetStartupInfoA
TerminateProcess
GetProcAddress
ExitProcess
WriteFile
SetFilePointer
DebugBreak
SetConsoleTextAttribute
GetStdHandle
GlobalAlloc
GetOverlappedResult
ReadFile
GetLogicalDrives
SetEndOfFile
SetStdHandle
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetCurrentProcessId
GetCurrentThreadId
GetLocaleInfoA
IsBadCodePtr
GetVersionExA
GetModuleFileNameA
GetDriveTypeA
QueryPerformanceFrequency
GetVersion
GetTickCount
Sleep
QueryPerformanceCounter
VirtualAlloc
VirtualFree
GetSystemInfo
ResumeThread
SetThreadPriority
GetThreadPriority
GetCurrentThread
GetLastError
CreateThread
GetModuleHandleA
CloseHandle
CreateFileA
FindClose
FindNextFileA
FindFirstFileA
OutputDebugStringA
GetCurrentProcess
IsBadReadPtr

user32

SetFocus
UpdateWindow
ShowWindow
GetClientRect
MessageBoxA
GetWindowRect
GetWindowLongA
CreateWindowExA
AdjustWindowRect
SetRect
ReleaseDC
GetDC
RegisterClassA
LoadCursorA
LoadIconA
GetSystemMetrics
GetMessageA
PeekMessageA
DispatchMessageA
TranslateMessage
SetWindowTextA
MapWindowPoints
GetDesktopWindow
ShowCursor
DestroyWindow
wvsprintfA
GetParent
SetCapture
ReleaseCapture
SendMessageA
DefWindowProcA

gdi32

GetDeviceCaps
CreateSolidBrush

advapi32

RegOpenKeyExA
RegCloseKey
RegSetValueExA
RegCreateKeyExA
RegQueryValueExA

ole32

CoInitialize
CoCreateInstance
CoUninitialize

Sections

.text
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 212KB - Virtual size: 212KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 100KB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1d7b730ac37e58a43887b8c12ae1cb56

Headers

File Characteristics

Imports

wsock32

mss32

binkw32

d3d9

dinput8

winmm

kernel32

user32

gdi32

advapi32

ole32

Sections

.text Size: 2.2MB - Virtual size: 2.2MB

.rdata Size: 212KB - Virtual size: 212KB

.data Size: 100KB - Virtual size: 2.1MB

.tls Size: 4KB - Virtual size: 4KB

.reloc Size: 8KB - Virtual size: 8KB

.rsrc Size: 8KB - Virtual size: 8KB

.text
Size: 2.2MB - Virtual size: 2.2MB

.rdata
Size: 212KB - Virtual size: 212KB

.data
Size: 100KB - Virtual size: 2.1MB

.tls
Size: 4KB - Virtual size: 4KB

.reloc
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 8KB - Virtual size: 8KB