3a9aaed32c558353dcdac0b3024bc102_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3a9aaed32c558353dcdac0b3024bc102_JaffaCakes118
Size

368KB
MD5

3a9aaed32c558353dcdac0b3024bc102
SHA1

8dcf3f8fd14dd9dad1370e8dbdd896a61855c831
SHA256

0640db0b129f91784c1d9d9aaeaaa5451dfda421b1df73cbf6f2977b732562c7
SHA512

665f60b3a0b75ad928fc788ff6636097baaebbad3ff2ba76d81a895f7265d56ff01807c2229a19c0e3ec750326e166816b3d15409e68a218ab545f19a66cfc0f
SSDEEP

6144:qrThKb6sIaVTR8PUOrNruenQBWV/lPFhftugPLkrw/1y:qrThrRaBiPUOrBuulPvl5P48/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3a9aaed32c558353dcdac0b3024bc102_JaffaCakes118

Files

3a9aaed32c558353dcdac0b3024bc102_JaffaCakes118
.exe windows:4 windows x86 arch:x86

fc4e0b359e18404cda0e2b0a95e01674

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

WSACloseEvent
ntohl
WSAGetLastError
send
WSAEventSelect
WSAStartup
gethostname
ioctlsocket
select
__WSAFDIsSet
gethostbyname
recvfrom
ntohs
sendto
connect
inet_ntoa
inet_addr
WSAWaitForMultipleEvents
WSAEnumNetworkEvents
recv
accept
setsockopt
socket
htonl
htons
bind
listen
WSACreateEvent
closesocket

advapi32

ControlService
OpenServiceA
StartServiceA
QueryServiceStatus
OpenSCManagerA
CreateServiceA
ChangeServiceConfig2A
CloseServiceHandle
RegisterServiceCtrlHandlerA
SetServiceStatus
StartServiceCtrlDispatcherA
DeleteService

ole32

CoInitialize
CoUninitialize
CoCreateInstance

oleaut32

SysStringLen
SysAllocString
SysFreeString

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

kernel32

GetOEMCP
GetACP
GetCPInfo
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
IsBadCodePtr
LoadLibraryA
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetEnvironmentStringsW
GetEnvironmentStrings
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetLocaleInfoW
InterlockedExchange
IsBadReadPtr
GetVersionExA
FreeEnvironmentStringsW
FreeEnvironmentStringsA
SetUnhandledExceptionFilter
GetModuleHandleA
GetProcAddress
UnhandledExceptionFilter
HeapSize
HeapReAlloc
HeapAlloc
GetStartupInfoA
GetStdHandle
SetHandleCount
SetEndOfFile
SetStdHandle
LeaveCriticalSection
EnterCriticalSection
TryEnterCriticalSection
InitializeCriticalSection
DeleteCriticalSection
MultiByteToWideChar
CreateEventA
CloseHandle
SetEvent
GetTickCount
WaitForSingleObject
GetDiskFreeSpaceExA
GetSystemDirectoryA
GetTempPathA
InterlockedDecrement
GetSystemTime
InterlockedIncrement
Sleep
CopyFileA
GetModuleFileNameA
QueryPerformanceCounter
LocalFree
LocalAlloc
GetLocalTime
WideCharToMultiByte
FindClose
FindNextFileA
FindFirstFileA
CreateProcessA
RtlUnwind
GetFileType
GetLastError
CreateFileA
CreateDirectoryA
MoveFileA
DeleteFileA
FlushFileBuffers
WriteFile
SetFilePointer
ReadFile
GetTimeZoneInformation
ResumeThread
CreateThread
TlsSetValue
TlsGetValue
ExitThread
GetSystemTimeAsFileTime
RaiseException
ExitProcess
TerminateProcess
GetCurrentProcess
GetCommandLineA
GetVersion
HeapFree
GetCurrentThreadId
TlsAlloc
SetLastError

Sections

.text
Size: 308KB - Virtual size: 307KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

fc4e0b359e18404cda0e2b0a95e01674

Headers

File Characteristics

Imports

ws2_32

advapi32

ole32

oleaut32

version

kernel32

Sections

.text Size: 308KB - Virtual size: 307KB

.rdata Size: 28KB - Virtual size: 24KB

.data Size: 28KB - Virtual size: 49KB

.text
Size: 308KB - Virtual size: 307KB

.rdata
Size: 28KB - Virtual size: 24KB

.data
Size: 28KB - Virtual size: 49KB