Static task: static1
Behavioral task: behavioral1
- Sample: fdc65d548aaeb82bb57ec621b65f0b15_JaffaCakes118.exe
- Resource: win7-20240903-en
Behavioral task: behavioral2
- Sample: fdc65d548aaeb82bb57ec621b65f0b15_JaffaCakes118.exe
- Resource: win10v2004-20240802-en
General
- Target: fdc65d548aaeb82bb57ec621b65f0b15_JaffaCakes118
- Size: 160KB
- MD5: fdc65d548aaeb82bb57ec621b65f0b15
- SHA1: 63d35c1c8fc3ad33b4b1506352c9e6f7708d9b6b
- SHA256: ea06dae611c5842e158a985bd703134d93f3188a776f40baec4d6de48bd33c2a
- SHA512: 090aaf24bfd3634f7f065d1c1a979d523d3f6a86e19e5f1b5c5ca5e5e2c43fcfab44997e9a3fa19fadd5d189ad374e8ad1556fe7c94356d14d0a085a207e8bd2
- SSDEEP: 3072:1BpovonIiZkdK/hD4dD4DF5IRoxbqby5Yn6bZPbO269Wey:1jovItZiyDr5g6qwjxN6Ly
Malware Config
Signatures
- Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource: fdc65d548aaeb82bb57ec621b65f0b15_JaffaCakes118
Files
- fdc65d548aaeb82bb57ec621b65f0b15_JaffaCakes118.exe (windows:1, windows x86, arch:x86)
  07fe6b6a9c4d16a131c29c915682a241
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
shell32
ShellExecuteW
kernel32
GetLastError
CreateFileA
CreateSemaphoreA
VirtualFree
FindClose
GetLocaleInfoA
DeleteFileA
GetSystemDefaultLCID
lstrlenA
GetSystemDirectoryA
LeaveCriticalSection
lstrcatW
ReadFile
EnterCriticalSection
lstrcpyW
GetCurrentProcess
SetConsoleCommandHistoryMode
BeginUpdateResourceW
GetTickCount
GetFileSizeEx
GetWindowsDirectoryA
CreateFileW
GetProcessShutdownParameters
SetFirmwareEnvironmentVariableA
InitializeCriticalSection
FindFirstFileA
GetSystemDirectoryW
FreeResource
GetThreadIOPendingFlag
CopyFileA
SetVolumeLabelW
ReadConsoleW
SetTapePosition
VirtualAlloc
lstrcpyA
LZOpenFileW
GetConsoleFontInfo
lstrcatA
lstrcmpi
LZCloseFile
WritePrivateProfileStructA
GetCurrentThreadId
GetModuleFileNameA
DeleteFileW
DuplicateHandle
GetProcAddress
Module32FirstW
IsBadHugeReadPtr
CloseHandle
Sleep
OpenProcess
WriteFile
EndUpdateResourceA
GetModuleHandleA
FindNextFileA
advapi32
RegSetValueExA
AdjustTokenPrivileges
RegCreateKeyA
EnumServicesStatusA
RegCloseKey
RegQueryValueExA
LookupAccountSidW
LookupPrivilegeValueA
RegQueryInfoKeyA
OpenSCManagerA
SaferIdentifyLevel
ConvertSecurityDescriptorToStringSecurityDescriptorA
LsaOpenTrustedDomain
CloseServiceHandle
RegOpenKeyA
OpenProcessToken
ntdll
strncmp
RtlAnsiStringToUnicodeString
_chkstk
vsprintf
RtlInitAnsiString
sprintf
isspace
strlen
strstr
memcpy
wcsstr
NtQueryObject
ZwLoadDriver
tolower
memset
NtQuerySystemInformation
isdigit
RtlFreeUnicodeString
psapi
GetProcessImageFileNameA
EnumProcesses
ws2_32
WSAStartup
connect
htons
WSAGetOverlappedResult
select
htonl
listen
gethostbyname
WSAEnumProtocolsW
WSAJoinLeaf
socket
recv
__WSAFDIsSet
WSAGetServiceClassNameByClassIdW
send
closesocket
ole32
CoCreateGuid
user32
GetClassInfoExA
CharLowerW
ExitWindowsEx
Sections
- .data (Size: 21KB, Virtual size: 20KB): IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
- .text (Size: 512B, Virtual size: 402B): IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
- .idata (Size: 3KB, Virtual size: 3KB): IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ