f53ee860203e6170fed61ffa26905717_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f53ee860203e6170fed61ffa26905717_JaffaCakes118
Size

516KB
MD5

f53ee860203e6170fed61ffa26905717
SHA1

31571333d225cdbfa5150d6f0331d963f17f5025
SHA256

95a54057208b0ad8e071a6d88fd5b6b5e71c9941520ee57501337bf1721a2a01
SHA512

187e7b4a99bfca329f3654ce8dfb7e039b96e5e17b074908f1205d1b481d5f480466dfee6e6b16dfdfc2eab255c9cc695ddd3a62015c45e444a71c62922b0ded
SSDEEP

6144:pKjfPnuo3iho2BAxBErDae2CY3YGoAuVSz5uh0PD3QIUmrkUNZ2KOk:ofKw8aDuMgOXo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f53ee860203e6170fed61ffa26905717_JaffaCakes118

Files

f53ee860203e6170fed61ffa26905717_JaffaCakes118
.exe windows:4 windows x86 arch:x86

65d84cddd2a0c01e468ef3dbdc2541ee

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrtd

_strdup
_itoa
_wcsicmp
_strnicmp
_stricmp
_write
_wcsupr
_read
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
_XcptFilter
_exit
_onexit
__dllonexit
isalpha
_beginthread
_endthread
islower
isupper
isalnum
_strrev
swprintf
_iob
putc
_ultoa
_endthreadex
_beginthreadex
sscanf
toupper
isdigit
strchr
_assert
_local_unwind2
strrchr
printf
time
__CxxFrameHandler
exit
fgets
strncmp
strcpy
wcscmp
strstr
_ftol
strcat
rand
wcslen
wcsncpy
wcsncmp
wcscpy
fseek
ftell
malloc
fread
free
fwrite
strncpy
strtok
atoi
strcmp
srand
wcscat
getenv
_snprintf
sprintf
memset
_except_handler3
fopen
vsprintf
fprintf
fclose
memcpy
strlen
??3@YAXPAX@Z
_chkesp
??2@YAPAXI@Z

msvcp60d

??1_Winit@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ

advapi32

OpenServiceW
GetSidSubAuthority
LookupAccountSidW
ControlService
QueryServiceStatus
StartServiceW
DeleteService
AllocateAndInitializeSid
SetEntriesInAclW
SetSecurityInfo
FreeSid
RegQueryValueExA
OpenServiceA
ChangeServiceConfigW
RegCreateKeyExA
GetUserNameA
InitiateSystemShutdownW
OpenSCManagerW
EnumServicesStatusW
RegOpenKeyExA
RegSetValueExA
RegCloseKey
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegisterServiceCtrlHandlerW
SetServiceStatus
OpenSCManagerA
CreateServiceA
ChangeServiceConfig2W
CloseServiceHandle
StartServiceCtrlDispatcherW
LsaOpenPolicy
LsaAddAccountRights
LsaRemoveAccountRights
LookupAccountNameW
GetUserNameW
LsaClose

mpr

WNetOpenEnumW
WNetCancelConnectionW
WNetAddConnection2W

netapi32

NetUserEnum
NetUserGetInfo
NetShareAdd
NetServerDiskEnum
NetApiBufferFree

odbc32

ord31
ord75
ord24
ord141

shell32

ShellExecuteA

user32

wsprintfA
wsprintfW

wininet

InternetCloseHandle
InternetReadFile
InternetOpenUrlA
InternetOpenW

ws2_32

closesocket
recv
send
select
connect
__WSAFDIsSet
ioctlsocket
socket
htons
inet_addr
shutdown
gethostbyaddr
inet_ntoa
gethostbyname
getsockname
WSAStartup
accept
listen
bind
htonl
WSACleanup

kernel32

SetCurrentDirectoryW
DeleteFileW
CopyFileW
Sleep
ExitProcess
SetLastError
MultiByteToWideChar
lstrlenW
HeapAlloc
GetLastError
HeapReAlloc
GetProcessHeap
HeapFree
AllocConsole
GetModuleHandleW
GetModuleFileNameA
GetStdHandle
GetCurrentProcessId
WriteFile
FreeConsole
GlobalMemoryStatus
GetSystemDirectoryW
GetDateFormatA
GetSystemDirectoryA
lstrcmpiA
SetErrorMode
GetExitCodeProcess
ExitThread
PeekNamedPipe
CreatePipe
SearchPathA
SetFileTime
GetFileTime
GetWindowsDirectoryA
LocalFree
FormatMessageW
SystemTimeToFileTime
GetSystemTimeAsFileTime
SizeofResource
LockResource
LoadResource
FindResourceW
GetTempPathW
GetModuleFileNameW
GetProcAddress
LoadLibraryW
GetCurrentThreadId
GetTickCount
ReleaseMutex
CreateMutexW
DeleteFileA
CloseHandle
WaitForSingleObject
OpenProcess
GetCurrentProcess
SetPriorityClass
GetWindowsDirectoryW
MoveFileW
ReadFile
GetFileSize
CreateFileW
DuplicateHandle
VirtualAlloc
VirtualFree
CompareStringW
LoadLibraryA
GetVersionExW
GetDiskFreeSpaceExW
GetDiskFreeSpaceExA
GetLocaleInfoA
TerminateProcess
GetTempPathA
Process32NextW
Process32FirstW
CreateFileA
GetComputerNameA
CreateToolhelp32Snapshot
TerminateThread
CreateThread
CreateProcessA
GetTimeFormatA
InitializeCriticalSection
ResetEvent
CreateEventW
CreateSemaphoreW
SetEvent
LeaveCriticalSection
EnterCriticalSection
MoveFileA
WideCharToMultiByte
CopyFileA
GetModuleHandleA
GetStartupInfoA

Sections

.text
Size: 280KB - Virtual size: 277KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 13.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 128KB - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 52KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

65d84cddd2a0c01e468ef3dbdc2541ee

Headers

File Characteristics

Imports

msvcrtd

msvcp60d

advapi32

mpr

netapi32

odbc32

shell32

user32

wininet

ws2_32

kernel32

Sections

.text Size: 280KB - Virtual size: 277KB

.rdata Size: 24KB - Virtual size: 22KB

.data Size: 16KB - Virtual size: 13.8MB

.idata Size: 8KB - Virtual size: 7KB

.rsrc Size: 128KB - Virtual size: 127KB

.reloc Size: 52KB - Virtual size: 48KB

.text
Size: 280KB - Virtual size: 277KB

.rdata
Size: 24KB - Virtual size: 22KB

.data
Size: 16KB - Virtual size: 13.8MB

.idata
Size: 8KB - Virtual size: 7KB

.rsrc
Size: 128KB - Virtual size: 127KB

.reloc
Size: 52KB - Virtual size: 48KB