f9e18a8b1389c252c5ffd44fb551ae5a_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

f9e18a8b1389c252c5ffd44fb551ae5a_JaffaCakes118
Size

70KB
MD5

f9e18a8b1389c252c5ffd44fb551ae5a
SHA1

1c51d48998c5c46672565d58bc35c0425ea493db
SHA256

7a6d67de3d3a0f114f39d0d97d60a653c604f9fe51d82bb56e477652aea7c34a
SHA512

4bcca68991560aef8401c538eec2ea19ca2e6ab1d25cd179b87de47b7ef9d54ed143844c764b1d4f743767d6c9dfe553c1e19acc6fcfa232901bdd0b167deceb
SSDEEP

1536:cS+q3Ebv/yxq6eiee1qE9zRiN3QdAIkW/Pt7O:+q343yEeBtd/Pt7O

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f9e18a8b1389c252c5ffd44fb551ae5a_JaffaCakes118

Files

f9e18a8b1389c252c5ffd44fb551ae5a_JaffaCakes118
.exe windows:5 windows x86 arch:x86

10c993fecb226bea86a3c13e978aa1d6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

inet_addr
gethostbyname
select
WSAStartup
WSACleanup
htons
socket
connect
send
closesocket
recv

user32

CharLowerA
FindWindowA

kernel32

GetTempPathA
Sleep
ReleaseMutex
GetTickCount
CreateMutexA
lstrcmpiA
SetFileAttributesA
GetLastError
CreateDirectoryA
GetModuleFileNameA
GetModuleHandleA
GetComputerNameA
GetWindowsDirectoryA
OpenMutexA
SetErrorMode
ExitProcess
DeleteFileA
LocalFree
LocalAlloc
GetVersionExA
GetLocaleInfoA
WaitForSingleObject
CreateThread
WriteFile
CreateFileA
ExitThread
CreateProcessA
CloseHandle
GetStringTypeA
GetStringTypeW
HeapSize
SetEndOfFile
GetProcessHeap
SetEvent
HeapFree
LCMapStringW
LCMapStringA
HeapAlloc
GetCommandLineA
GetStartupInfoA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
RtlUnwind
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
MultiByteToWideChar
ReadFile
DeleteCriticalSection
VirtualFree
VirtualAlloc
HeapReAlloc
HeapCreate
GetStdHandle
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
SetStdHandle
FlushFileBuffers
SetFilePointer
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
InitializeCriticalSectionAndSpinCount
LoadLibraryA

advapi32

ControlService
CreateServiceA
LockServiceDatabase
QueryServiceLockStatusA
ChangeServiceConfig2A
UnlockServiceDatabase
OpenSCManagerA
OpenServiceA
StartServiceA
CloseServiceHandle
RegisterServiceCtrlHandlerA
SetServiceStatus
StartServiceCtrlDispatcherA
GetUserNameA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
DeleteService

shell32

SHGetFolderPathA

Sections

.text
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

10c993fecb226bea86a3c13e978aa1d6

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

user32

kernel32

advapi32

shell32

Sections

.text Size: 52KB - Virtual size: 51KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 5KB - Virtual size: 14KB

.rsrc Size: 512B - Virtual size: 436B

.text
Size: 52KB - Virtual size: 51KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 5KB - Virtual size: 14KB

.rsrc
Size: 512B - Virtual size: 436B