0ddb08e8ae391e59ca84f35a2ef3dc96_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0ddb08e8ae391e59ca84f35a2ef3dc96_JaffaCakes118
Size

536KB
MD5

0ddb08e8ae391e59ca84f35a2ef3dc96
SHA1

69ba0304993b2a3014749496e20bff7742f99693
SHA256

64a1cae3ae983a2ea95da03a761879e68730fa2ecee73e32e4b0e7a6933957ce
SHA512

bed77c28c7ba88c97e40de335bcd40b97603f503c596db36110138a300bef60779802c5b97ee431e7895defb228348b43a0a8ef16a3149a35d6f729231c324db
SSDEEP

12288:OMMnMMMMMULkZ9XqDTEZQVwjEOONaiZhd5dXOgryHrvEkUhOSZmXsaNRiB+Dv70:OMMnMMMMMOkAMQVwtVQeg2LspgsuRR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0ddb08e8ae391e59ca84f35a2ef3dc96_JaffaCakes118

Files

0ddb08e8ae391e59ca84f35a2ef3dc96_JaffaCakes118
.exe windows:4 windows x86 arch:x86

901fa902b810890c001e5ecc84d1b26e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

dnsapi

DnsReplaceRecordSetW

msvcrt

wcschr
free
malloc
wcscpy
wcslen
memmove
strlen
memcmp
wcscat
swprintf
memcpy
_initterm
_adjust_fdiv
memset
wcscmp
wcsncpy
_except_handler3
_wcsicmp

wmi

WmiNotificationRegistrationW

iphlpapi

NotifyAddrChange
NotifyRouteChange
GetAdaptersInfo
GetAdaptersAddresses

advapi32

SetServiceStatus
CryptGenRandom
CryptReleaseContext
RegOpenKeyExW
RegisterServiceCtrlHandlerW
CryptAcquireContextW
RegCloseKey
RegQueryValueExW
RegEnumValueW
RegEnumKeyExW

mswsock

GetAcceptExSockaddrs
AcceptEx

rtutils

TracePrintfExW
RouterLogDeregisterW
TraceRegisterExW
TraceDeregisterW
RouterLogRegisterW

ddraw

DirectDrawCreate

ws2_32

WSAIoctl
WSAEventSelect
WSAStringToAddressA
freeaddrinfo
WSARecvFrom
getaddrinfo
WSASendTo
WSALookupServiceBeginW
WSAAddressToStringA
getnameinfo
WSASocketW
WSALookupServiceNextW
WSALookupServiceEnd
WSAAddressToStringW

ole32

CoTaskMemFree
CoInitializeEx
CoCreateInstance
CoUninitialize

kernel32

ReadFile
InitializeCriticalSection
DeviceIoControl
DeleteTimerQueue
CreateMutexW
UnregisterWait
QueueUserWorkItem
CreateTimerQueueTimer
UnregisterWaitEx
WriteFile
QueryPerformanceCounter
SetLastError
GetCurrentThreadId
SetUnhandledExceptionFilter
DeleteCriticalSection
GetCurrentProcess
MultiByteToWideChar
TerminateProcess
GetCurrentProcessId
HeapReAlloc
CloseHandle
HeapCreate
LoadLibraryW
EnterCriticalSection
HeapAlloc
DeleteTimerQueueTimer
CreateFileW
VirtualAlloc
GetTickCount
GetProcAddress
ReleaseMutex
WideCharToMultiByte
CreateTimerQueue
InterlockedIncrement
InterlockedDecrement
SetEvent
BindIoCompletionCallback
FreeLibrary
GetComputerNameExW
DisableThreadLibraryCalls
GetLastError
WaitForSingleObject
Sleep
HeapFree
UnhandledExceptionFilter
CreateEventW
InterlockedExchange
ChangeTimerQueueTimer
GetSystemTimeAsFileTime
HeapDestroy
RegisterWaitForSingleObject
LeaveCriticalSection

ntdll

RtlAdjustPrivilege
RtlGUIDFromString
NtUnlockVirtualMemory

Sections

.text
Size: 4KB - Virtual size: 888B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 124KB - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 84KB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rdata
Size: 312KB - Virtual size: 309KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

901fa902b810890c001e5ecc84d1b26e

Headers

File Characteristics

Imports

dnsapi

msvcrt

wmi

iphlpapi

advapi32

mswsock

rtutils

ddraw

ws2_32

ole32

kernel32

ntdll

Sections

.text Size: 4KB - Virtual size: 888B

.rsrc Size: 124KB - Virtual size: 121KB

.data Size: 84KB - Virtual size: 2.0MB

.reloc Size: 4KB - Virtual size: 64B

.rdata Size: 312KB - Virtual size: 309KB

.idata Size: 4KB - Virtual size: 3KB

.text
Size: 4KB - Virtual size: 888B

.rsrc
Size: 124KB - Virtual size: 121KB

.data
Size: 84KB - Virtual size: 2.0MB

.reloc
Size: 4KB - Virtual size: 64B

.rdata
Size: 312KB - Virtual size: 309KB

.idata
Size: 4KB - Virtual size: 3KB