2bc722ef49a1925935bf520954623c41_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2bc722ef49a1925935bf520954623c41_JaffaCakes118
Size

208KB
MD5

2bc722ef49a1925935bf520954623c41
SHA1

8d14e491bfd5f5dc6f1179b8b40fca2994214dba
SHA256

d20ac0f1541278a48b852a9d5ac7754fa96296cee38d7356f5f407a9f47baa10
SHA512

7fe9e5b3ccda08b7896efc3d61545cd4f4f8157ec51bac08a5822345ba41624d482f54b89674ff9803dd2f011e57914811cf3f3afe85a5df79ba0913b746c946
SSDEEP

6144:WdZgfAxKxCQMLRPOxyxd/fuARXblL9MzMhd/kalVhhDeVyxh//8uY+nvOSwHMYD6:Bsq0GsruRDtTe

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2bc722ef49a1925935bf520954623c41_JaffaCakes118

Files

2bc722ef49a1925935bf520954623c41_JaffaCakes118
.exe windows:4 windows x86 arch:x86

390691d5818245ccdae175d3620a8b5b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

WSACleanup
WSAStartup
gethostbyname
gethostname
closesocket
WSAIoctl
WSACancelAsyncRequest
socket
bind
htons
sendto
ntohs
WSAGetLastError
recvfrom
getsockname
shutdown
recv
send
connect

psapi

EnumProcessModules
GetModuleFileNameExA
GetModuleBaseNameA

kernel32

CreateFileA
GetTempPathA
GetSystemDirectoryA
GetWindowsDirectoryA
FindClose
FindFirstFileA
Process32Next
Process32First
FreeLibrary
GetProcAddress
LoadLibraryA
CreateEventA
ReadFile
WaitForSingleObject
GetModuleFileNameA
CreateThread
WriteFile
ResetEvent
WaitForMultipleObjects
SetFilePointer
GetShortPathNameA
TerminateProcess
OpenProcess
CreateDirectoryA
GetFileSize
GetTickCount
SetFileAttributesA
GetFileAttributesA
DeleteFileA
SetEvent
OpenEventA
CloseHandle
WideCharToMultiByte
GetLocaleInfoW
LocalHandle
GetLocaleInfoA
FindAtomA
TlsFree
Sleep
TerminateThread
GetStartupInfoA
GetModuleHandleA
GlobalAlloc
GlobalFree
GetQueuedCompletionStatus
PostQueuedCompletionStatus
CreateIoCompletionPort
HeapLock
HeapWalk
HeapUnlock
HeapFree
HeapAlloc
HeapDestroy
InitializeCriticalSection
GetExitCodeThread
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
FindNextFileA
GetCurrentProcessId
GetLongPathNameA
GetVolumeInformationA
GetDriveTypeA
CreateProcessA
DuplicateHandle
GetCurrentProcess
CreatePipe
GetExitCodeProcess
HeapCreate

user32

GetDesktopWindow
GetWindow
GetWindowThreadProcessId
PostMessageA
GetWindowTextA
GetMessageA
PostThreadMessageA
FindWindowA
GetSystemMetrics
DestroyWindow
SetWindowPos
SendMessageA
GetWindowLongA
IsWindow

gdi32

CreateDCA
BitBlt
GetObjectA
GetBkColor
CreateCompatibleDC
CreateCompatibleBitmap
GetDIBits

advapi32

RegOpenKeyExA
RegEnumValueA
RegQueryInfoKeyA
RegCloseKey

shell32

ShellExecuteA
ExtractAssociatedIconA
SHFileOperationA

ole32

CoInitialize
CoUninitialize
CoCreateGuid
StringFromGUID2
CLSIDFromProgID

gdiplus

GdipGetImageEncoders
GdiplusStartup
GdipGetImageEncodersSize
GdipDisposeImage
GdipSaveImageToFile
GdipLoadImageFromFile
GdipFree
GdiplusShutdown
GdipCloneImage
GdipAlloc

mfc42

ord3571
ord3626
ord2414
ord640
ord665
ord1979
ord5186
ord354
ord5785
ord1641
ord1640
ord323
ord800
ord1601
ord537
ord3663

msvcrt

_purecall
malloc
pow
free
wcscmp
_strupr
_strset
??1type_info@@UAE@XZ
_exit
_XcptFilter
exit
_ftol
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
__dllonexit
_onexit
_controlfp
rand
srand
memcmp
strchr
memcpy
strlen
strrchr
_CxxThrowException
memset
strcpy
strstr
strcmp
__CxxFrameHandler
sprintf
_acmdln

winmm

timeKillEvent
timeSetEvent

avicap32

capCreateCaptureWindowA
capGetDriverDescriptionA

Sections

.text
Size: 160KB - Virtual size: 157KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

390691d5818245ccdae175d3620a8b5b

Headers

File Characteristics

Imports

ws2_32

psapi

kernel32

user32

gdi32

advapi32

shell32

ole32

gdiplus

mfc42

msvcrt

winmm

avicap32

Sections

.text Size: 160KB - Virtual size: 157KB

.rdata Size: 28KB - Virtual size: 26KB

.data Size: 4KB - Virtual size: 1KB

.rsrc Size: 12KB - Virtual size: 9KB

.text
Size: 160KB - Virtual size: 157KB

.rdata
Size: 28KB - Virtual size: 26KB

.data
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 12KB - Virtual size: 9KB