041dcfe06c4938f9ebcc792389ef8ae5_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

041dcfe06c4938f9ebcc792389ef8ae5_JaffaCakes118
Size

116KB
MD5

041dcfe06c4938f9ebcc792389ef8ae5
SHA1

cc999207d840c77c7dd2bc37db045da70058145e
SHA256

9eba518e55867fbef54fe442d78a36fa34128c8153e4a1ae40e5d0a9cd58c2a3
SHA512

1fba82b485c72410997bda47e907735403564a01ee5953aa2c4afd288de98ec3c65eeb621d8ab071ed39e160dc1937daef5ed8f3d5494f74bd28a8aa21b51eb5
SSDEEP

3072:OX3b0fNXeU5ngtBUNEA8YchW7v/FO9FViDLM8NVg:OX3b0flDngtBUCA8Ych+v/FgFViHM8A

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
041dcfe06c4938f9ebcc792389ef8ae5_JaffaCakes118

Files

041dcfe06c4938f9ebcc792389ef8ae5_JaffaCakes118
.exe windows:4 windows x86 arch:x86

776e8900d0c89bd2d63571e090e2cfe0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

l:\projects\clamwin\0.90\clamav-win32\contrib\msvc\release\win32\freshclam.pdb

Imports

ws2_32

sendto
recvfrom
inet_addr
gethostbyname
htons
select
recv
getsockopt
ioctlsocket
connect
socket
getservbyname
closesocket
ntohs
send
bind

iphlpapi

GetNetworkParams

kernel32

GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
InterlockedCompareExchange
FreeLibrary
GetSystemTimeAsFileTime
SetConsoleCtrlHandler
Sleep
GetCurrentProcess
CreateFileMappingA
GetExitCodeThread
WaitForSingleObject
GetModuleFileNameA
FlushViewOfFile
GetCurrentThreadId
CloseHandle
GetCurrentProcessId
GetFileInformationByHandle
CreateThread
CreateFileA
MapViewOfFile
GetLastError
GetProcAddress
InterlockedExchange
LoadLibraryA
SetUnhandledExceptionFilter
SetErrorMode
GlobalFree
GlobalAlloc
GetCurrentThread
DuplicateHandle

advapi32

RegisterServiceCtrlHandlerA
RegOpenKeyExA
RegQueryValueExA
OpenServiceA
CloseServiceHandle
StartServiceCtrlDispatcherA
DeleteService
SetServiceStatus
CreateServiceA
RegCloseKey
OpenSCManagerA

libclamav

ord91
ord215
ord214
ord103
ord154
ord252
ord156
ord155
ord143
ord61
ord116
ord60
cw_perror
ord253
cw_rmdirs
ord72
ord250
ord52
ord127
ord115
ord364
ord90
ord104
cl_cvdverify
ord254
cl_load
ord108
cl_cvdfree
cl_cvdparse
cw_getaddrinfo
cw_gai_strerror
ord111
cw_freeaddrinfo
cl_cvdhead
cl_engine_free
ord138
ord92
cl_engine_new
ord70
ord102
cl_retflevel
cl_init
cl_debug
cl_strerror
cw_unlink
ord171
cw_stat
cw_strerror
ord163
ord172
ord160
ord170
ord71
ord251

msvcr80

_getcwd
memset
_open
malloc
_close
strstr
strftime
strchr
rename
fflush
sprintf
atoi
_write
_mkdir
_access
_chdir
_getpid
_umask
_spawnlp
strrchr
_mktime64
_strnicmp
_ctime64
_gmtime64
_lseek
realloc
memcpy
_controlfp_s
_invoke_watson
_except_handler4_common
_decode_pointer
_onexit
_lock
__dllonexit
_unlock
?terminate@@YAXXZ
_crt_debugger_hook
__set_app_type
_encode_pointer
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
__initenv
_XcptFilter
_exit
_cexit
__getmainargs
_amsg_exit
fputs
_dup
calloc
_time64
strncmp
fputc
fgets
_strdup
srand
rand
clock
_setmode
_fileno
strncat
abort
sscanf
exit
system
fclose
free
printf
fopen
fprintf
__iob_func
_errno
qsort
strncpy
_fstat64i32
_read
_ftime64

Sections

.text
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

776e8900d0c89bd2d63571e090e2cfe0

Headers

File Characteristics

PDB Paths

Imports

ws2_32

iphlpapi

kernel32

advapi32

libclamav

msvcr80

Sections

.text Size: 44KB - Virtual size: 41KB

.rdata Size: 36KB - Virtual size: 35KB

.data Size: 4KB - Virtual size: 3KB

.rsrc Size: 28KB - Virtual size: 27KB

.text
Size: 44KB - Virtual size: 41KB

.rdata
Size: 36KB - Virtual size: 35KB

.data
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 28KB - Virtual size: 27KB