2c28ccdb69c4a62ca703d9120d28e3f1_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2c28ccdb69c4a62ca703d9120d28e3f1_JaffaCakes118
Size

29KB
MD5

2c28ccdb69c4a62ca703d9120d28e3f1
SHA1

191dd4c877be0ecaa881841bda9889ab8a1828a6
SHA256

66d1fd9617021e2b22e6bf479f75511b4ff75e0313d801bdbdd6afb8c25f558a
SHA512

93afeafe5ba0d0a590c3b6e53c917697ed3d69b555c5c4337dcc667845c3af6eb3f3acf1fd91d7286e6fb611dcb4a1e34b448c66e2575878a835c7cd8df0bad1
SSDEEP

768:OWAXUSnTPJbkv9sjzx5Ib66u8R0CVuUUl0SPZ4cZ2sNp:bcUSnTRbqql5IWf609Uch4dsNp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2c28ccdb69c4a62ca703d9120d28e3f1_JaffaCakes118

Files

2c28ccdb69c4a62ca703d9120d28e3f1_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f39a05000c9f04a1282b225d011dc0b8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTickCount
Sleep
lstrcpyA
ReleaseMutex
OpenMutexA
SetThreadPriority
SetPriorityClass
WaitForSingleObject
ExitProcess
lstrlenA
CopyFileA
GetModuleFileNameA
GetTempPathA
GlobalMemoryStatus
GetVersionExA
GetLocaleInfoW
InterlockedExchange
HeapAlloc
GetProcessHeap
GetCurrentProcessId
GetStartupInfoA
VirtualAlloc
VirtualAllocEx
VirtualProtectEx
GetModuleHandleA
WriteProcessMemory
GetLastError
SetThreadContext
ResumeThread
TerminateProcess
CreateProcessA
GetThreadContext
ReadProcessMemory
VirtualQueryEx
CloseHandle
LoadLibraryA
GetProcAddress
FreeLibrary
lstrcmpiA

user32

GetDesktopWindow
ExitWindowsEx
wsprintfA

advapi32

RegOpenKeyA
RegSetValueExA
CloseServiceHandle
RegCloseKey
RegOpenKeyExA
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerA
SetServiceStatus
OpenSCManagerA
OpenServiceA
DeleteService
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
CreateServiceA
RegQueryValueExA
StartServiceA

ws2_32

sendto
WSAStartup
htons
socket
connect
closesocket
htonl
inet_addr
gethostbyname
recv
send
setsockopt
WSAIoctl
WSASocketA
WSACleanup
shutdown

msvcrt

fopen
_strrev
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
_XcptFilter
_exit
_onexit
__dllonexit
malloc
sprintf
srand
_except_handler3
??3@YAXPAX@Z
strncpy
??2@YAPAXI@Z
fread
ftell
fseek
fclose
_strlwr
strstr
rand
atoi
strcspn
exit
strncmp

Sections

.text
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f39a05000c9f04a1282b225d011dc0b8

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ws2_32

msvcrt

Sections

.text Size: 20KB - Virtual size: 20KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 2KB - Virtual size: 8KB

.rsrc Size: 1KB - Virtual size: 1KB

.text
Size: 20KB - Virtual size: 20KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 2KB - Virtual size: 8KB

.rsrc
Size: 1KB - Virtual size: 1KB