3d4d54249e82a9592fc154f20e570f0c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3d4d54249e82a9592fc154f20e570f0c_JaffaCakes118
Size

140KB
MD5

3d4d54249e82a9592fc154f20e570f0c
SHA1

d35935cdfba295108db2508cd770cd681f8b0b3b
SHA256

dbfd1cc47b5eeb93f743962ca3cf048218a4f417abb9aad20a4287584ce666ab
SHA512

3ed73e2675a46b516b4efdc342805e3375f9abe2cd3c9ad9808ee8b4dcd31cfbfe559c37c8000c207c4f0cb009cfc07003df8544ba0fb361f92fce7325b7f546
SSDEEP

3072:YP5KM5HYjgq3Gt8PzTEzGpIKilcmcFSPUqxtpog:YRHHhq3Gt8PkzGgcmcMPYg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3d4d54249e82a9592fc154f20e570f0c_JaffaCakes118

Files

3d4d54249e82a9592fc154f20e570f0c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

2c468ca1a8f1452199b354e67bb3c2e3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord1158
ord823
ord922
ord389
ord5207
ord5356
ord2919
ord1988
ord5572
ord353
ord6385
ord1979
ord665
ord690
ord5683
ord5710
ord939
ord825
ord2818
ord6283
ord6282
ord941
ord2614
ord940
ord535
ord540
ord860
ord2763
ord6648
ord2915
ord537
ord2764
ord4129
ord4202
ord4277
ord858
ord800

msvcrt

_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
_XcptFilter
_exit
?terminate@@YAXXZ
rand
atoi
_except_handler3
malloc
exit
strncmp
strncpy
strchr
strstr
sprintf
time
srand
__CxxFrameHandler
_mbscmp

kernel32

SetPriorityClass
GetCurrentProcess
lstrcatA
GetEnvironmentVariableA
GetShortPathNameA
GetCurrentThread
CopyFileA
GetModuleFileNameA
GetModuleHandleA
GetStartupInfoA
SetThreadPriority
CreateProcessA
ResumeThread
lstrlenA
CreateThread
WaitForSingleObject
WinExec
GetSystemDirectoryA
DeleteFileA
GetTempPathA
Process32Next
Process32First
Sleep
GetLastError
CreateToolhelp32Snapshot

user32

wsprintfA

advapi32

StartServiceCtrlDispatcherA
CreateServiceA
StartServiceA
RegOpenKeyA
RegSetValueExA
CloseServiceHandle
RegCloseKey
RegisterServiceCtrlHandlerA
SetServiceStatus
RegOpenKeyExA
OpenSCManagerA
OpenServiceA
DeleteService

shell32

ShellExecuteA

wininet

InternetCloseHandle
HttpSendRequestA
HttpOpenRequestA
InternetConnectA
InternetOpenA
InternetOpenUrlA

ws2_32

recv
connect
inet_addr
htons
socket
closesocket
setsockopt
gethostbyname
inet_ntoa
WSAStartup
send

urlmon

URLDownloadToFileA

winmm

timeGetTime

Sections

.text
Size: 103KB - Virtual size: 103KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tc
Size: 26KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

2c468ca1a8f1452199b354e67bb3c2e3

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

advapi32

shell32

wininet

ws2_32

urlmon

winmm

Sections

.text Size: 103KB - Virtual size: 103KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 5KB - Virtual size: 4KB

.tc Size: 26KB - Virtual size: 28KB

.text
Size: 103KB - Virtual size: 103KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 5KB - Virtual size: 4KB

.tc
Size: 26KB - Virtual size: 28KB