36c466d83a5d08456022501b58e4731d_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

36c466d83a5d08456022501b58e4731d_JaffaCakes118
Size

516KB
MD5

36c466d83a5d08456022501b58e4731d
SHA1

0ee9cdad17222ef091b47628df5799856d4ab581
SHA256

152eb0d467826056261459bc3f19622c1f03ac7c5f80db936261807870c4e5d7
SHA512

1a65d6d327bf704eecf53cb573302e41e4665001ad7a1ec1269dab81062bdc863d07b2aeb4b61bdf90749d0e1c3b8fa86194213d800221cfe0c8b1f7a22f1665
SSDEEP

6144:FrnfFg5u498VsxJtp686UjWDnbCbEeiwqLTbIz+umsI:Frnd0UsRp68V6rj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
36c466d83a5d08456022501b58e4731d_JaffaCakes118

Files

36c466d83a5d08456022501b58e4731d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

481f0d5d9e23ce6ccb7249ceecfdfa4f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

recv
listen
accept
WSAStartup
WSAIoctl
gethostbyaddr
inet_addr
socket
gethostbyname
WSAGetLastError
htons
connect
send
bind
shutdown
setsockopt
getsockname
sendto
recvfrom
gethostname
closesocket

mfc42u

ord4621
ord4419
ord3592
ord324
ord4075
ord3074
ord825
ord6211
ord3087
ord2810
ord927
ord537
ord641
ord922
ord800
ord538
ord5949
ord6195
ord540
ord4229
ord2644
ord1662
ord643
ord3951
ord5978
ord4131
ord329
ord6218
ord1143
ord1165
ord2506
ord5947
ord1771
ord2859
ord858
ord5977
ord4219
ord3090
ord3092
ord4050
ord2634
ord4124
ord861
ord3494
ord2507
ord2910
ord355
ord4215
ord2576
ord3649
ord3658
ord2430
ord6266
ord6868
ord1637
ord4532
ord2637
ord4704
ord6921
ord6919
ord4470
ord2371
ord6771
ord1768
ord5286
ord3397
ord4418
ord3605
ord567
ord656
ord2294
ord3749
ord3826
ord3820
ord3614
ord2235
ord5871
ord1105
ord823
ord2854
ord1197
ord4294
ord6193
ord755
ord470
ord3621
ord2406
ord6871
ord5679
ord535
ord942
ord940
ord4199
ord3093
ord4272
ord4198
ord2756
ord4197
ord5568
ord860
ord6640
ord6770
ord6920
ord6918
ord4273
ord6655
ord6219
ord2776
ord3568
ord1634
ord4667
ord4269
ord6371
ord4480
ord2546
ord2504
ord3825
ord3917
ord1089
ord5193
ord2388
ord3341
ord5296
ord5298
ord2717
ord4074
ord4692
ord5303
ord5285
ord5710
ord4616
ord3733
ord561
ord815
ord5939
ord2613
ord6003
ord3993
ord6882
ord3991
ord6898
ord6670
ord3297
ord3281
ord6654
ord2755
ord3296
ord2971
ord3076
ord2980
ord3257
ord3131
ord4459
ord3254
ord3142
ord2977
ord5273
ord2116
ord2438
ord5257
ord1720
ord5059
ord3744
ord6372
ord2047
ord2640
ord4435
ord4831
ord3793
ord5276
ord4347
ord6370
ord5157
ord2377
ord5237
ord4401
ord1767
ord4073
ord6048
ord4992
ord4847
ord4370
ord5261
ord3748
ord925
ord6051
ord5727
ord1569

msvcrt

__dllonexit
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_wcmdln
_XcptFilter
_exit
system
_wremove
fprintf
_except_handler3
wprintf
fwprintf
wcsncpy
clock
_wstat
fseek
_wcsicmp
_wfopen
fclose
fgetpos
fread
swscanf
fwrite
_wchmod
exit
swprintf
wcscat
malloc
_ftol
sprintf
wcscmp
wcscpy
wcslen
__CxxFrameHandler
_onexit

kernel32

GlobalUnlock
Sleep
IsBadReadPtr
GetWindowsDirectoryW
GetVersionExW
GetSystemDirectoryW
CopyFileW
GetModuleFileNameW
GetModuleHandleW
CreateDirectoryW
DeleteFileW
IsBadWritePtr
GetLocalTime
GetLastError
FindClose
FindFirstFileW
MultiByteToWideChar
WideCharToMultiByte
CloseHandle
FlushFileBuffers
WriteFile
SetFilePointer
CreateFileW
TerminateProcess
ReadFile
PeekNamedPipe
GetExitCodeProcess
CreateProcessW
CreatePipe
LeaveCriticalSection
EnterCriticalSection
LockResource
LoadResource
SizeofResource
FindResourceW
OutputDebugStringW
InitializeCriticalSection
DeleteCriticalSection
GetTempPathW
GetStartupInfoW
GlobalLock

user32

InsertMenuW
CreateMenu
SendMessageW
AppendMenuW
SetTimer
KillTimer
GetDC
GetSystemMetrics
GetForegroundWindow
MessageBoxW
EnableWindow
GetParent
GetWindowRect
IsZoomed
SetMenu
DrawIcon
IsIconic
PostMessageW
SetForegroundWindow
GetCursorPos
EnableMenuItem
ClientToScreen
SetDlgItemTextA
GetDlgItemTextA
LoadIconW
GetWindowLongW
RedrawWindow
GetClientRect
GetDlgItem

gdi32

CreateSolidBrush
SetDIBits
CreateCompatibleBitmap

advapi32

CreateServiceW
RegDeleteKeyW
RegDeleteValueW
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerW
SetServiceStatus
OpenServiceW
DeleteService
OpenSCManagerW
RegQueryValueExW
CloseServiceHandle
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegCloseKey

shell32

SHGetMalloc
ShellExecuteW
SHGetSpecialFolderLocation
Shell_NotifyIconW
SHGetPathFromIDListW

ole32

CoInitialize
CoCreateInstance
CoUninitialize

Sections

.text
Size: 144KB - Virtual size: 141KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 324KB - Virtual size: 322KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

481f0d5d9e23ce6ccb7249ceecfdfa4f

Headers

File Characteristics

Imports

ws2_32

mfc42u

msvcrt

kernel32

user32

gdi32

advapi32

shell32

ole32

Sections

.text Size: 144KB - Virtual size: 141KB

.rdata Size: 24KB - Virtual size: 23KB

.data Size: 20KB - Virtual size: 19KB

.rsrc Size: 324KB - Virtual size: 322KB

.text
Size: 144KB - Virtual size: 141KB

.rdata
Size: 24KB - Virtual size: 23KB

.data
Size: 20KB - Virtual size: 19KB

.rsrc
Size: 324KB - Virtual size: 322KB