0c07ef3d435c5959d52cf7b6aa502b49_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0c07ef3d435c5959d52cf7b6aa502b49_JaffaCakes118
Size

351KB
MD5

0c07ef3d435c5959d52cf7b6aa502b49
SHA1

e4896ab4dce9081c8d72a456448ee6b7b52187ec
SHA256

dc94f177ec7757b192105f95a0d0e0ed3b91eae73e79643d6f5ab18c763ec446
SHA512

1d12aeb40b881c0e71ca410d21df902d879ca80dcaea738fee0584166c9557b27bd56c15539061ca4194f82e62ffb29844bc8190b342e357a84663d527326f59
SSDEEP

6144:9mgUAImILJ1tWrtva+A6/zoMBMhRBFQu2Tr/YkhoL1APbUv+EhDY:9lnL0HdMBsBFdnOoJtfS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0c07ef3d435c5959d52cf7b6aa502b49_JaffaCakes118

Files

0c07ef3d435c5959d52cf7b6aa502b49_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a6dd3862c346950f3329a1442cf5f32b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
_XcptFilter
_exit
_iob
?terminate@@YAXXZ
_except_handler3
??1type_info@@UAE@XZ
_onexit
__dllonexit
fflush
sprintf
strchr
isdigit
calloc
printf
perror
_errno
strerror
wcstombs
mbstowcs
wcscpy
tolower
fgets
fprintf
_ftol
??3@YAXPAX@Z
_purecall
??2@YAPAXI@Z
strstr
strcat
ferror
feof
__p__commode
fputc
wcscat
_snprintf
strtok
rand
srand
fwrite
fopen
fseek
ftell
fread
fclose
malloc
free
exit
strncat
strncmp
atof
memcmp
strcmp
strcpy
system
atoi
memmove
memset
memcpy
strncpy
__CxxFrameHandler
strlen
_vsnprintf
??0exception@@QAE@ABV0@@Z
_CxxThrowException
??1exception@@UAE@XZ
??0exception@@QAE@XZ
realloc
time
__p__fmode
__set_app_type
sscanf
_controlfp

gdi32

SelectObject
GetDIBits
CreateCompatibleBitmap
GetDeviceCaps
CreateDCA
CreateCompatibleDC
BitBlt

kernel32

TerminateThread
CreateThread
GetStartupInfoA
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
GetDiskFreeSpaceExA
GetLogicalDrives
GetDriveTypeA
TransactNamedPipe
FindFirstFileA
FindNextFileA
FindClose
GetCurrentThread
GetCurrentProcess
OpenProcess
VirtualAllocEx
WriteProcessMemory
CreateRemoteThread
VirtualFreeEx
CreateEventA
GetTempPathA
MultiByteToWideChar
MoveFileA
CreateDirectoryA
RemoveDirectoryA
CreateMutexA
WaitForSingleObject
GetLastError
CopyFileA
GetModuleFileNameA
GetStdHandle
AllocConsole
FreeConsole
DebugBreak
QueryPerformanceCounter
QueryPerformanceFrequency
GetTickCount
GetProcAddress
LoadLibraryA
GetModuleHandleA
Sleep
ReadFile
SetFilePointer
CloseHandle
GetFileSize
CreateFileA
FreeLibrary
GlobalFree
WriteFile
GlobalAlloc
InterlockedExchange
ExitProcess
GetWindowsDirectoryA
DeleteFileA
GetSystemDirectoryA
CreateProcessA
ExpandEnvironmentStringsA
GetComputerNameA
GetVersionExA
GlobalMemoryStatus
TerminateProcess
WaitNamedPipeA
CreateNamedPipeA

user32

wsprintfA
ReleaseDC
ExitWindowsEx

advapi32

RegQueryValueExA
RegSetValueExA
CryptGenRandom
CryptAcquireContextA
RegOpenKeyExA
GetUserNameA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegCreateKeyExA
ChangeServiceConfig2A
CloseServiceHandle
CreateServiceA
RegDeleteValueA
RegQueryInfoKeyA
RegEnumKeyExA
DeleteService
ControlService
EnumServicesStatusA
RegCloseKey
OpenThreadToken
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerA
SetServiceStatus
StartServiceA
OpenServiceA
OpenSCManagerA

shell32

ShellExecuteA
SHGetDiskFreeSpaceExA

ws2_32

getsockname
bind
htons
socket
inet_ntoa
shutdown
setsockopt
WSAStartup
connect
listen
gethostbyname
ntohs
ntohl
select
closesocket
accept
send
recv
sendto
recvfrom
__WSAFDIsSet
ioctlsocket
WSAGetLastError
gethostname
WSACleanup
getpeername
gethostbyaddr
inet_addr

netapi32

NetUseDel
NetUserEnum
NetShareEnum
NetApiBufferFree
NetUseAdd
NetRemoteTOD
NetScheduleJobAdd

mpr

WNetAddConnection2W
WNetCancelConnection2A
WNetAddConnection2A
WNetCancelConnection2W

psapi

EnumProcessModules
EnumProcesses
GetModuleBaseNameA

odbc32

ord24
ord41
ord11
ord31
ord75
ord9

dnsapi

DnsQuery_A

Sections

.data
Size: 324KB - Virtual size: 324KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.syvndfq
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a6dd3862c346950f3329a1442cf5f32b

Headers

File Characteristics

Imports

msvcrt

gdi32

kernel32

user32

advapi32

shell32

ws2_32

netapi32

mpr

psapi

odbc32

dnsapi

Sections

.data Size: 324KB - Virtual size: 324KB

.syvndfq Size: 16KB - Virtual size: 16KB

Size: 9KB - Virtual size: 9KB

.data
Size: 324KB - Virtual size: 324KB

.syvndfq
Size: 16KB - Virtual size: 16KB