2c7c2ef9aa35f198e1d3ffd1801c9258_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2c7c2ef9aa35f198e1d3ffd1801c9258_JaffaCakes118
Size

379KB
MD5

2c7c2ef9aa35f198e1d3ffd1801c9258
SHA1

cae19e540f912bc34ed6420138424e96d2b15b35
SHA256

d2fdf1e7673c6580240ae01dbaca95943cc47a6bd82e42bc90ffc3be711c1339
SHA512

41155133973fa8661208aabfa385355c994a6358970b82205a681019f657ad5dc958587e74c89d4ce47b6068e08903134d83121c020547ab64308b07f8b884b3
SSDEEP

6144:PEg5EYmEHhnyH7xOc6H5c6HcT66vlm6NEPiLWATAnbsaf/bOj1VqO9AgdkfNiQvH:PrughnaJEPiLlsnnOhIQRQvGPeoW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2c7c2ef9aa35f198e1d3ffd1801c9258_JaffaCakes118

Files

2c7c2ef9aa35f198e1d3ffd1801c9258_JaffaCakes118
.exe windows:4 windows x86 arch:x86

d02a683a58d24f4e4d0e1c96ec610b17

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

WSACleanup
socket
htons
ioctlsocket
connect
closesocket
send
recv
gethostbyname
WSAStartup

user32

GetMessageA
TranslateMessage
DispatchMessageA
wsprintfA
ShowWindow
CreateWindowExA
GetWindow
GetWindowTextLengthA
GetWindowTextA
SetTimer
DefWindowProcA
RegisterClassA
DestroyWindow
GetAsyncKeyState
KillTimer
FindWindowA
PostQuitMessage

advapi32

RegQueryValueExA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
GetUserNameA
StartServiceCtrlDispatcherA
RegOpenKeyExA
RegSetValueExA
RegCloseKey
GetServiceDisplayNameA
CreateServiceA
StartServiceA
RegisterServiceCtrlHandlerA
SetServiceStatus
OpenSCManagerA
OpenServiceA
DeleteService
CloseServiceHandle

msvcrt

__set_app_type
__p__fmode
_controlfp
__p__commode
_adjust_fdiv
realloc
_initterm
__getmainargs
_acmdln
_XcptFilter
_exit
??2@YAPAXI@Z
atoi
memcpy
free
strrchr
strchr
strncpy
rand
_beginthread
__CxxFrameHandler
time
malloc
exit
strcpy
sprintf
strcat
memmove
strlen
abs
memset
_except_handler3
strstr
__setusermatherr
_strnicmp
_strlwr
_stricmp
_ltoa
_strrev

msvcirt

??0ifstream@@QAE@PBDHH@Z
??7ios@@QBEHXZ
??_Difstream@@QAEXXZ
?eof@ios@@QBEHXZ
?getline@istream@@QAEAAV1@PADHD@Z
?close@ifstream@@QAEXXZ
?openprot@filebuf@@2HB
??0ofstream@@QAE@PBDHH@Z
??6ostream@@QAEAAV0@PBD@Z
??_Dofstream@@QAEXXZ
?close@ofstream@@QAEXXZ

kernel32

SetErrorMode
lstrcmpiA
GetCommandLineA
GetModuleFileNameA
GetCurrentProcess
GetModuleHandleA
LoadLibraryA
GetProcAddress
GetCurrentProcessId
FreeLibrary
GetEnvironmentVariableA
FindNextFileA
FindFirstFileA
GetComputerNameA
Process32Next
TerminateProcess
GetExitCodeProcess
OpenProcess
Process32First
CreateToolhelp32Snapshot
FindClose
lstrlenA
lstrcatA
GetSystemInfo
lstrcpyA
GetWindowsDirectoryA
SearchPathA
GetLocalTime
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
GetStartupInfoA
CreateProcessA
WaitForSingleObject
Sleep
DeleteFileA
WriteFile
GetVersionExA
MoveFileA
GetFileTime
FileTimeToSystemTime
GetSystemTime
SetFilePointer
CreateFileA
ReadFile
CloseHandle
GetLastError

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d02a683a58d24f4e4d0e1c96ec610b17

Headers

File Characteristics

Imports

wsock32

user32

advapi32

msvcrt

msvcirt

kernel32

Sections

.text Size: 20KB - Virtual size: 19KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 4KB - Virtual size: 136KB

.rsrc Size: 4KB - Virtual size: 928B

.text
Size: 20KB - Virtual size: 19KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 136KB

.rsrc
Size: 4KB - Virtual size: 928B