Static task
static1
Behavioral task
behavioral1
Sample
f994cf04c440053d1a7478df966f339f_JaffaCakes118.exe
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
f994cf04c440053d1a7478df966f339f_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
Target: f994cf04c440053d1a7478df966f339f_JaffaCakes118
Size: 188KB
MD5: f994cf04c440053d1a7478df966f339f
SHA1: 9568e13550ce377428a54d7cdd17e3a110a5cf69
SHA256: 0c705a2145aa0515c4e6a447949659a718515976ec15eeeccd9c3ef1b4c81df7
SHA512: 317e3f32ff8bd4d83cc13882afa94ee821be410fc592f1786741ac19719c8ac5cb74d558baab8ebd52633bdda794797a9d4dd5a5f841a2d60cc6d879415107a4
SSDEEP: 3072:zNCMBlKmXEkve/OwKpGcK4LVAzi0lhDgb1nL4vEj53HsF4G7A/HHJapS+0UI4:hCMBllwUGe0Y5LMEjRS4d/HHJapS+j
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource f994cf04c440053d1a7478df966f339f_JaffaCakes118
Files
f994cf04c440053d1a7478df966f339f_JaffaCakes118.exe windows:4 windows x86 arch:x86
b766c6ae84e8e13e0d333ff1c3f96d69
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
msvcrt
_itoa
_wcsicmp
_stricmp
_strdup
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
_XcptFilter
_exit
_onexit
__dllonexit
isalpha
wcslen
islower
isupper
isalnum
wcscmp
_strrev
swprintf
wcsncpy
_iob
putc
_ultoa
_endthreadex
_beginthreadex
sscanf
fgets
toupper
isdigit
strchr
free
_local_unwind2
malloc
__CxxFrameHandler
strncmp
??2@YAPAXI@Z
atoi
_ftol
rand
strstr
strncpy
strtok
printf
srand
exit
wcsstr
wcscat
_except_handler3
fopen
vsprintf
fprintf
fclose
fread
sprintf
??3@YAXPAX@Z
msvcp60
??0Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
advapi32
OpenServiceW
GetSidSubAuthority
LookupAccountSidW
EnumServicesStatusW
ControlService
QueryServiceStatus
StartServiceW
DeleteService
AllocateAndInitializeSid
FreeSid
OpenSCManagerW
OpenServiceA
RegOpenKeyExA
RegSetValueExA
RegCloseKey
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegisterServiceCtrlHandlerW
SetServiceStatus
OpenSCManagerA
CreateServiceA
CloseServiceHandle
StartServiceCtrlDispatcherW
LsaOpenPolicy
LsaAddAccountRights
LsaRemoveAccountRights
LookupAccountNameW
GetUserNameW
LsaClose
mpr
WNetAddConnection2W
WNetCancelConnectionW
netapi32
NetApiBufferFree
NetUserEnum
NetUserGetInfo
NetShareAdd
NetServerGetInfo
NetServerDiskEnum
NetRemoteTOD
odbc32
ord31
ord75
ord24
ord141
user32
wsprintfW
wininet
InternetOpenW
ws2_32
WSACleanup
send
__WSAFDIsSet
select
ioctlsocket
recv
closesocket
connect
socket
htons
inet_addr
shutdown
WSAStartup
gethostbyaddr
kernel32
GetCurrentProcessId
FreeConsole
AllocConsole
GetStdHandle
DeleteFileA
WaitForSingleObject
WriteFile
GetModuleFileNameA
FormatMessageW
CreateFileW
SizeofResource
LockResource
LoadResource
FindResourceW
SetConsoleCtrlHandler
InitializeCriticalSection
ResetEvent
CreateSemaphoreW
SetEvent
LeaveCriticalSection
GetModuleHandleW
HeapFree
GetProcessHeap
GetLastError
HeapReAlloc
HeapAlloc
lstrlenW
CloseHandle
ExitProcess
Sleep
CopyFileW
DeleteFileW
SetCurrentDirectoryW
GetSystemDirectoryW
GetTempPathW
GetModuleFileNameW
LoadLibraryW
GetTickCount
GetProcAddress
LoadLibraryA
ReleaseMutex
CreateMutexW
CreateEventW
GetCurrentProcess
SetPriorityClass
OpenProcess
GetCurrentThreadId
TerminateProcess
lstrcmpiA
GetComputerNameA
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
MultiByteToWideChar
CreateThread
LocalFree
EnterCriticalSection
MoveFileA
WideCharToMultiByte
CopyFileA
GetDiskFreeSpaceExW
GetModuleHandleA
GetStartupInfoA
Sections
.text Size: 56KB - Virtual size: 54KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 24KB - Virtual size: 11.5MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 96KB - Virtual size: 93KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ