09b1807cdb3f5cbcf8a55c1cd938cbe5_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

09b1807cdb3f5cbcf8a55c1cd938cbe5_JaffaCakes118
Size

136KB
MD5

09b1807cdb3f5cbcf8a55c1cd938cbe5
SHA1

a94222d179f0edbbba061dbc0421ca4d7f5de9d5
SHA256

af9f78056fe34fe4354d146ad4e636fc81449f8bdfc3223782a7d30a3983b754
SHA512

11823e2eb5712d80df65842ed4ca5cf06d5481a7934176bebf62198e8432b4fa887e659adce27c64e270cb6aa0f6c775016c90ff932a4cbdd1543bfd7dcd3b68
SSDEEP

3072:9NHSMjOqVnXxnZn6EL/JydsYsJiHEcxXzO3:9NHSMjOixfNAsYS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
09b1807cdb3f5cbcf8a55c1cd938cbe5_JaffaCakes118

Files

09b1807cdb3f5cbcf8a55c1cd938cbe5_JaffaCakes118
.exe windows:4 windows x86 arch:x86

864ced3193fc57cf62b819c7c03ac4ad

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTickCount
VirtualFree
WaitForMultipleObjects
VirtualAlloc
GetComputerNameA
GetPrivateProfileIntA
lstrcmpA
CreateThread
ResetEvent
InterlockedExchange
InterlockedDecrement
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
CreateFileMappingA
GetVersionExA
lstrcpynA
GetStartupInfoA
GetCurrentThreadId
InterlockedIncrement
GetProcAddress
CreateEventA
Beep
GetModuleHandleA
OutputDebugStringA
LoadLibraryA
FreeLibrary
GetVersion
GetPrivateProfileStringA
GlobalFindAtomA
GlobalDeleteAtom
GlobalAddAtomA
WinExec
GetFileSize
DeleteFileA
GetLastError
MoveFileA
GetModuleFileNameA
WaitForSingleObject
CreateFileA
SetFilePointer
lstrlenA
WriteFile
ReleaseMutex
GetLocalTime
lstrcatA
CreateMutexA
MapViewOfFile
CloseHandle
lstrcpyA
SetEvent
Sleep
UnmapViewOfFile
OpenEventA
OpenFileMappingA
InitializeCriticalSection

user32

ShowWindow
TrackPopupMenu
GetSubMenu
SetFocus
LoadIconA
MessageBoxA
DestroyMenu
wsprintfA
LoadImageA
GetDlgItem
EnableMenuItem
DialogBoxParamA
FindWindowA
SetWindowTextA
SendMessageA
EnableWindow
LoadMenuA
SetForegroundWindow
GetCursorPos
SetCursor
LoadCursorA
UpdateWindow
EndDialog
KillTimer
SetTimer
EndPaint
DrawIcon
GetClientRect
GetSystemMetrics
BeginPaint
IsIconic
PostMessageA
DispatchMessageA
TranslateMessage
TranslateAcceleratorA
GetMessageA
LoadAcceleratorsA
RegisterClassExA
CreateWindowExA
DestroyWindow
DefWindowProcA
DrawTextA
LoadStringA
PostQuitMessage

gdi32

DeleteObject

advapi32

RegCreateKeyA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegDeleteValueA
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerA
SetServiceStatus
DeregisterEventSource
ReportEventA
RegisterEventSourceA
CreateServiceA
DeleteService
CloseServiceHandle
OpenServiceA
OpenSCManagerA
QueryServiceStatus
ControlService
StartServiceA
ChangeServiceConfigA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor

shell32

Shell_NotifyIconA

netapi32

Netbios

wsock32

ntohl
listen
accept
htons
bind
inet_addr
ntohs
send
recv
socket
WSAGetLastError
setsockopt
sendto
select
recvfrom
closesocket
WSAStartup
WSACleanup
htonl

comctl32

ord17
ord6

hid

HidD_GetHidGuid
HidP_GetCaps
HidD_GetPreparsedData
HidD_SetFeature
HidD_GetFeature
HidD_FlushQueue
HidD_GetSerialNumberString
HidD_GetProductString
HidD_GetAttributes
HidD_FreePreparsedData

setupapi

SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsA
SetupDiGetDeviceInterfaceDetailA
SetupDiDestroyDeviceInfoList

msvcrt

_vsnprintf
__CxxFrameHandler
_access
fopen
fseek
ftell
malloc
fread
fclose
free
rand
_mbsnbcpy
??2@YAPAXI@Z
time
srand
_stricmp
__p___argv
__p___argc
strncpy
sprintf
strncmp
strrchr
_except_handler3
vsprintf
??3@YAXPAX@Z
sscanf
memcpy
memset
__dllonexit
_onexit
_exit
_XcptFilter
_controlfp
?terminate@@YAXXZ
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
atoi

Exports

Exports

_Rockey@36

Sections

.text
Size: 52KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 56KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

864ced3193fc57cf62b819c7c03ac4ad

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

netapi32

wsock32

comctl32

hid

setupapi

msvcrt

Exports

Exports

Sections

.text Size: 52KB - Virtual size: 48KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 12KB - Virtual size: 48KB

.CRT Size: 4KB - Virtual size: 8B

.rsrc Size: 56KB - Virtual size: 52KB

.text
Size: 52KB - Virtual size: 48KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 12KB - Virtual size: 48KB

.CRT
Size: 4KB - Virtual size: 8B

.rsrc
Size: 56KB - Virtual size: 52KB