edca1cffd1ff2bdfc57153a3205fee28_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

edca1cffd1ff2bdfc57153a3205fee28_JaffaCakes118
Size

127KB
MD5

edca1cffd1ff2bdfc57153a3205fee28
SHA1

79563ea503b604223667265df8c7990d46c9f09a
SHA256

1cd3f805bba564c28d16e4295e7be6fe6ca7f4737127dd3c77e944de798e2933
SHA512

b418cf6c085e549765bc71448a4351300ebe94cf27b499f8f77baf0e14f4d334ea3e3670651a08151cd5ed08d851c933dbf713829dab78ba0dbaeaa839619232
SSDEEP

3072:SvBkbFPqDSJ/mGPcp/Tvq/r+JYq/78bw/JNtWG:+03qjQ+JYq/gcIG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
edca1cffd1ff2bdfc57153a3205fee28_JaffaCakes118

Files

edca1cffd1ff2bdfc57153a3205fee28_JaffaCakes118
.exe windows:4 windows x86 arch:x86

72d33a4d59ef176a7d94cc5a4035f384

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

shutdown
inet_ntoa
ioctlsocket
ntohl
htonl
getsockname
gethostbyname
WSAStartup
select
setsockopt
bind
listen
accept
recv
send
inet_addr
htons
socket
connect
closesocket
WSACleanup

shell32

ShellExecuteA
SHGetFolderPathA

wininet

InternetOpenUrlA
InternetOpenA
InternetReadFile

user32

CharLowerA

kernel32

GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
InitializeCriticalSection
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
SetStdHandle
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
CloseHandle
GetCurrentProcess
FindClose
FindFirstFileA
Process32Next
DeleteFileA
SetFileAttributesA
TerminateProcess
OpenProcess
lstrcmpiA
Process32First
CreateToolhelp32Snapshot
GetWindowsDirectoryA
GetSystemDirectoryA
Sleep
GetLocaleInfoA
CreateProcessA
ExitThread
GetModuleFileNameA
CreateThread
WriteFile
CreateFileA
LockResource
LoadResource
SizeofResource
FindResourceA
GetModuleHandleA
GetTickCount
GetTempPathA
WaitForSingleObject
CreateMutexA
SetErrorMode
GetLastError
CreateDirectoryA
TerminateThread
GetVersionExA
ExpandEnvironmentStringsA
GetFileAttributesA
CreateEventA
ReadFile
GetProcAddress
LoadLibraryA
CopyFileA
MultiByteToWideChar
SetFileTime
GetFileTime
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
HeapSize
SetEndOfFile
ExitProcess
GetEnvironmentStrings
FreeEnvironmentStringsA
RaiseException
GetOEMCP
HeapAlloc
GetSystemTimeAsFileTime
HeapFree
GetCommandLineA
GetProcessHeap
GetStartupInfoA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
VirtualFree
VirtualAlloc
HeapReAlloc
HeapDestroy
HeapCreate
GetStdHandle
RtlUnwind
SetHandleCount
GetFileType
SetFilePointer
GetCPInfo
GetACP

advapi32

LookupPrivilegeValueA
RegOpenKeyExA
RegQueryValueExA
RegDeleteValueA
GetUserNameA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
OpenProcessToken
AdjustTokenPrivileges

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 89KB - Virtual size: 89KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

72d33a4d59ef176a7d94cc5a4035f384

Headers

File Characteristics

Imports

ws2_32

shell32

wininet

user32

kernel32

advapi32

version

Sections

.text Size: 89KB - Virtual size: 89KB

.rdata Size: 24KB - Virtual size: 23KB

.data Size: 12KB - Virtual size: 27KB

.rsrc Size: 512B - Virtual size: 176B

.text
Size: 89KB - Virtual size: 89KB

.rdata
Size: 24KB - Virtual size: 23KB

.data
Size: 12KB - Virtual size: 27KB

.rsrc
Size: 512B - Virtual size: 176B