fb31ac3a4299c5e30ebb5a3df7c226cc_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

fb31ac3a4299c5e30ebb5a3df7c226cc_JaffaCakes118
Size

68KB
MD5

fb31ac3a4299c5e30ebb5a3df7c226cc
SHA1

c00e4fe8461e28912b4359a798b0764b1602da64
SHA256

7acc142b88a8b3b61f827aa0c5b7dae4bc1eca72ef8f8e50f833ec2e8d48bd2a
SHA512

8239015817d10905ffe4ea8b999f6682d18237d81bb8e0cd8201c20c71448d87a828106f6f9a738295bbef18583c68b811e92c021cacefc934b35b13903250b4
SSDEEP

1536:CA/dQEfKpgqulUoR5nnbcumnz/WQYynJN6:CA/dQEfKpOtb0pYynJN6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fb31ac3a4299c5e30ebb5a3df7c226cc_JaffaCakes118

Files

fb31ac3a4299c5e30ebb5a3df7c226cc_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b9947f4c338a1b882668424b389c5689

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
CreateFileA
DeleteFileA
CopyFileA
WaitForSingleObject
GetModuleHandleA
OpenProcess
WinExec
GetLastError
TerminateProcess
GetSystemDirectoryA
CreateProcessA
GetEnvironmentVariableA
GetShortPathNameA
GetModuleFileNameA
GetTempPathA
DebugBreak
OutputDebugStringA
GetFileSize
WriteFile
ReadFile
InterlockedDecrement
InterlockedIncrement
CreateDirectoryA
GetStartupInfoA
LocalFree
CreateThread
lstrlenW
WideCharToMultiByte
FindFirstFileA
FindNextFileA
FindClose
MultiByteToWideChar
lstrcmpiA
lstrlenA
lstrcatA
lstrcpyA
Sleep

user32

wvsprintfA
CharLowerA
CharNextA
LoadStringA

advapi32

RegCloseKey
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
OpenSCManagerA
OpenServiceA
QueryServiceStatus
StartServiceA
CloseServiceHandle
ControlService
RegSetValueExA
RegQueryValueExA
RegEnumKeyExA
RegOpenKeyExA

shell32

ShellExecuteA
SHGetSpecialFolderPathA

ole32

CoCreateGuid
CoCreateInstance
CoInitialize
CoUninitialize
CoTaskMemFree
StringFromCLSID

oleaut32

VariantClear
SysFreeString
SysAllocStringLen
SysAllocString
LoadTypeLi

wininet

InternetGetConnectedState
InternetOpenA
InternetReadFile
HttpQueryInfoA
InternetOpenUrlA
InternetCloseHandle

urlmon

URLDownloadToFileA

netapi32

Netbios

msvcp60

?_Freeze@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIPBDI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
??Mstd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??0logic_error@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
??_7out_of_range@std@@6B@
??1out_of_range@std@@UAE@XZ
??0out_of_range@std@@QAE@ABV01@@Z
??0logic_error@std@@QAE@ABV01@@Z
??0_Lockit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z

msvcrt

strcat
_ismbcdigit
wcslen
time
atol
rand
fgets
atoi
strcmp
strncmp
memset
srand
strtok
free
??1type_info@@UAE@XZ
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
__dllonexit
_onexit
_strnicmp
_strlwr
_itoa
_controlfp
_mbsrchr
_snprintf
__CxxFrameHandler
strlen
strstr
??2@YAPAXI@Z
??0exception@@QAE@ABV0@@Z
_CxxThrowException
memcpy
_ismbcspace
memmove
_mbschr
_mbsstr
fclose
fflush
fwrite
fopen
_except_handler3
sprintf
strcpy

Sections

.text
Size: 48KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b9947f4c338a1b882668424b389c5689

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

wininet

urlmon

netapi32

msvcp60

msvcrt

Sections

.text Size: 48KB - Virtual size: 44KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 4KB - Virtual size: 4KB

.text
Size: 48KB - Virtual size: 44KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 4KB - Virtual size: 4KB