Static task
static1
Behavioral task
behavioral1
Sample
fd85636c4dbc0a06488733ffd0a87728_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
fd85636c4dbc0a06488733ffd0a87728_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
-
Target
fd85636c4dbc0a06488733ffd0a87728_JaffaCakes118
-
Size
807KB
-
MD5
fd85636c4dbc0a06488733ffd0a87728
-
SHA1
220de6456fc5cc62f24a849afc8712f4f6bd9fb9
-
SHA256
7f5a7eb1f52d3f176ec4c39d951831bc7c6cb2a645c6d9cd51ce69316c22716c
-
SHA512
cae411fb36e85f1fba79bfad268197df11bf2b14e75e54e8a3d6b5edf75d535cf93dba3bae6bb54ff30cd79624181e7eb07fabacc8815ad093b68852aa2f0618
-
SSDEEP
12288:36DTY0CS6aDwlEDPojIKWzqCddqaFtXTktditMLA53blRI2eF8Jjzgeejt:36DtCS7DPojIKWzp/bMarIwxZEt
Malware Config
Signatures
-
Unsigned PE 1 IoCs
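Checks for missing Authenticode signature. On its own this is a weak indicator, since many legitimate binaries are also unsigned; weigh it together with the import and section data below.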
resource fd85636c4dbc0a06488733ffd0a87728_JaffaCakes118
Files
-
fd85636c4dbc0a06488733ffd0a87728_JaffaCakes118.exe windows:4 windows x86 arch:x86
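42300b6b647f9800eeb0fbd4b7b70aaa (unlabeled on the page; by its position in this report layout, presumably the PE import hash (imphash) — confirm before pivoting on it)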
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
Sleep
ReleaseMutex
CreateMutexA
GetCommandLineA
SetUnhandledExceptionFilter
GetCurrentThreadId
GetStartupInfoA
GetModuleHandleA
GetFileAttributesA
SetFileAttributesA
DeleteFileA
CreateToolhelp32Snapshot
Process32First
Process32Next
GetProcessHeap
HeapAlloc
HeapFree
GetTempPathA
SetFilePointer
ReadFile
FreeLibrary
LoadLibraryA
GetProcAddress
lstrcatA
GetWindowsDirectoryA
GetLastError
SetLastError
lstrcmpiA
lstrcpyA
FindResourceA
LoadResource
CreateFileA
SystemTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
SizeofResource
lstrlenA
MultiByteToWideChar
ExitProcess
CreateDirectoryA
user32
wsprintfA
advapi32
GetSecurityDescriptorDacl
RegDeleteKeyA
RegDeleteValueA
ChangeServiceConfigA
ControlService
RegCreateKeyExA
LookupAccountNameA
GetFileSecurityA
InitializeSecurityDescriptor
GetAclInformation
GetLengthSid
InitializeAcl
GetAce
EqualSid
AddAccessAllowedAce
SetSecurityDescriptorDacl
SetFileSecurityA
OpenServiceA
StartServiceA
OpenSCManagerA
CreateServiceA
CloseServiceHandle
RegCloseKey
RegOpenKeyExA
RegSetValueExA
msvcrt
strtok
??2@YAPAXI@Z
strchr
__CxxFrameHandler
??3@YAXPAX@Z
_except_handler3
strstr
realloc
malloc
??1type_info@@UAE@XZ
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
_stricmp
_strnset
_strrev
iphlpapi
AddIPAddress
GetInterfaceInfo
ws2_32
inet_addr
WSAStartup
WSACleanup
gethostbyname
inet_ntoa
Sections
.data Size: 16KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 784KB - Virtual size: 784KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.adata Size: 6KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.udata Size: - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE