Static task: static1

Behavioral task: behavioral1
Sample: 0ae13215c5658e3ffddc0f00f2b074f8_JaffaCakes118.exe
Resource: win7-20240903-en

Behavioral task: behavioral2
Sample: 0ae13215c5658e3ffddc0f00f2b074f8_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
Target: 0ae13215c5658e3ffddc0f00f2b074f8_JaffaCakes118
Size: 2.8MB
MD5: 0ae13215c5658e3ffddc0f00f2b074f8
SHA1: 4ed242a3be91443a21a8539af5f5991c76de3a59
SHA256: bd04f8c8259601d89a7bc2fcb243a11db8d8443f2162af607a8e68f073ec0a2e
SHA512: 35a336cba07c9568feb05228a0d3d2aaf469ea6be9b000eb38f6eba1847fb41dbe9feb719db339c0b317086b08074eb6571e01157e8bd6f40fb399efeb54b466
SSDEEP: 768:TtyYcpYEmtz0O5ZGsSCcHDTnHPvH368widvD3bHYSyobM6Fd56K:grGt5ZGsSJHDTnHPvH368pD3b4Syh
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 0ae13215c5658e3ffddc0f00f2b074f8_JaffaCakes118
Files
0ae13215c5658e3ffddc0f00f2b074f8_JaffaCakes118.exe windows:1 windows x86 arch:x86
5ded618612757132417be3630adf1a03
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ws2_32
htons
inet_addr
recv
send
socket
gethostname
WSAAsyncSelect
closesocket
WSAStartup
WSACleanup
connect
kernel32
FillConsoleOutputAttribute
FillConsoleOutputCharacterA
FlushConsoleInputBuffer
FlushFileBuffers
GetCommandLineA
GetConsoleMode
GetConsoleScreenBufferInfo
GetCurrentProcess
GetDiskFreeSpaceA
GetDriveTypeA
GetLastError
GetModuleFileNameA
GetModuleHandleA
CloseHandle
GetProcAddress
GetProcessHeap
GetStdHandle
GetTickCount
GetVolumeInformationA
GlobalMemoryStatus
HeapAlloc
LoadLibraryA
LocalAlloc
OpenProcess
Process32First
Process32Next
ReadConsoleA
CreateFileA
ReadConsoleOutputA
ReadConsoleOutputW
ReadConsoleW
ReadFile
RtlUnwind
ScrollConsoleScreenBufferA
SetConsoleCursorInfo
SetConsoleCursorPosition
SetConsoleMode
SetConsoleTextAttribute
TerminateProcess
TerminateThread
CreatePipe
CreateProcessA
WriteConsoleA
WriteConsoleOutputA
WriteConsoleOutputW
WriteConsoleW
WriteFile
lstrlenA
lstrlenW
CreateThread
CreateToolhelp32Snapshot
user32
GetWindowTextA
GetParent
GetWindowThreadProcessId
LoadCursorA
LoadIconA
RegisterClassA
GetMessageA
TranslateMessage
DispatchMessageA
PostQuitMessage
EnumWindows
CreateWindowExA
DefWindowProcA
advapi32
LookupAccountSidA
LookupPrivilegeValueA
ChangeServiceConfigA
CloseServiceHandle
ControlService
CreateServiceA
DeleteService
EnumServicesStatusExA
LockServiceDatabase
OpenSCManagerA
OpenServiceA
QueryServiceConfigA
QueryServiceConfig2A
QueryServiceStatus
QueryServiceStatusEx
StartServiceA
UnlockServiceDatabase
OpenProcessToken
GetTokenInformation
AdjustTokenPrivileges
GetLengthSid
CopySid
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
GetCurrentHwProfileA
crtdll
__GetMainArgs
atoi
exit
free
malloc
memset
printf
raise
signal
sprintf
sscanf
strchr
strcmp
strcpy
strlen
strncmp
strrchr
strstr
Sections
.text Size: 14KB - Virtual size: 14KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.bss Size: - Virtual size: 3KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2.8MB - Virtual size: 2.8MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE