fb8f87887e88729a61b13d0bc0e9b7d9_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

fb8f87887e88729a61b13d0bc0e9b7d9_JaffaCakes118
Size

216KB
MD5

fb8f87887e88729a61b13d0bc0e9b7d9
SHA1

9f4fe00374ab5770844128432466a5cba4ebe77c
SHA256

ab7aaf086ff891da4a54a0dbe0c12da381f5e99af0afc068e3b8537ea59cf9ce
SHA512

51dd232abea2f139761bcb6bf6199817ea3b1b27c569076ef1945fb5d11ece7dfa7a4446c57eaa0be81dc3bccc0030667cf0ee5ccd921696c44804a077f7b50f
SSDEEP

6144:PKMLTMZGc4A/hX84RjmxKUHDgEAI+fOWFzoj:tSGChXjRjmfj+mWFzo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fb8f87887e88729a61b13d0bc0e9b7d9_JaffaCakes118

Files

fb8f87887e88729a61b13d0bc0e9b7d9_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f6f778400772c672948072d5f10656dd

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_itoa
_strnicmp
_CxxThrowException
??1type_info@@UAE@XZ
__CxxFrameHandler
mbstowcs
strncat
wcscpy
wcslen
memmove
strcpy
_rotr
_rotl
_vsnprintf
memcmp
tolower
strcmp
printf
??2@YAPAXI@Z
??3@YAXPAX@Z
vsprintf
_beginthreadex
_except_handler3
ceil
_ftol
exit
realloc
strncmp
_snprintf
strstr
sscanf
atoi
fseek
fread
fopen
fclose
fwrite
ftell
strcat
memset
clock
sprintf
strncpy
memcpy
free
malloc
strlen
_strcmpi

ws2_32

connect
__WSAFDIsSet
accept
shutdown
setsockopt
bind
send
getpeername
ioctlsocket
socket
inet_ntoa
gethostbyaddr
WSAGetLastError
getservbyport
select
closesocket
WSASetLastError
htons
gethostbyname
getsockname
inet_addr
recv
htonl
sendto
WSACleanup
recvfrom
WSAIoctl
gethostname
WSAStartup
listen

kernel32

GetVersionExA
GetLocaleInfoA
SetCurrentDirectoryA
lstrlenA
GetWindowsDirectoryA
CreateFileA
GetFileTime
SetFileTime
GetSystemDirectoryA
MultiByteToWideChar
LoadLibraryA
GetProcAddress
ExitProcess
CopyFileA
GetLastError
WriteFile
SearchPathA
CreatePipe
GetCurrentProcess
GetComputerNameA
CreateProcessA
PeekNamedPipe
GetExitCodeProcess
ReadFile
GetModuleHandleA
GetModuleFileNameA
OpenProcess
ReadProcessMemory
Sleep
TerminateProcess
CloseHandle
SetFileAttributesA
DeleteFileA
LocalFree
CreateThread
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GlobalMemoryStatus
GetDiskFreeSpaceExA
GetDriveTypeA
GetTickCount
QueryPerformanceFrequency
QueryPerformanceCounter
IsBadCodePtr
TerminateThread
InitializeCriticalSection
GetCurrentProcessId
EnterCriticalSection
DuplicateHandle
SetErrorMode
CreateMutexA
lstrcpyA
lstrcpynA
GetEnvironmentVariableA
lstrcmpA
LeaveCriticalSection

user32

GetForegroundWindow
IsCharAlphaNumericA
wsprintfA
GetWindowTextA
FindWindowA
SendMessageA

advapi32

RegEnumValueA
RegDeleteValueA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegCreateKeyExA
GetUserNameA
CryptReleaseContext
CryptGenRandom
CryptAcquireContextA
RegCloseKey

shell32

ShellExecuteA

oleaut32

GetErrorInfo

Sections

.text
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

w.0hnf.3
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

3y4plo7s
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

izj15c16
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

7vz4nm9d
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

.nkh
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f6f778400772c672948072d5f10656dd

Headers

File Characteristics

Imports

msvcrt

ws2_32

kernel32

user32

advapi32

shell32

oleaut32

Sections

.text Size: 100KB - Virtual size: 100KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 32KB - Virtual size: 32KB

w.0hnf.3 Size: 8KB - Virtual size: 8KB

.adata Size: 4KB - Virtual size: 4KB

3y4plo7s Size: 24KB - Virtual size: 24KB

izj15c16 Size: 32KB - Virtual size: 32KB

7vz4nm9d Size: 4KB - Virtual size: 4KB

.nkh Size: 4KB - Virtual size: 4KB

.text
Size: 100KB - Virtual size: 100KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 32KB - Virtual size: 32KB

w.0hnf.3
Size: 8KB - Virtual size: 8KB

.adata
Size: 4KB - Virtual size: 4KB

3y4plo7s
Size: 24KB - Virtual size: 24KB

izj15c16
Size: 32KB - Virtual size: 32KB

7vz4nm9d
Size: 4KB - Virtual size: 4KB

.nkh
Size: 4KB - Virtual size: 4KB