JaffaCakes118_1a3a7033d0e83c4c63faafb2d30dd2b8

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_1a3a7033d0e83c4c63faafb2d30dd2b8
Size

1.0MB
MD5

1a3a7033d0e83c4c63faafb2d30dd2b8
SHA1

487248366cbe4972dfda24ab59cb6702c59e1d9f
SHA256

3f3ccfa1c62a2f351d2b40b4f7c32c0df19159acd553085b601f6505c7e589fd
SHA512

b51e500f9b9c09e54e82009625d04f03ca6539f1abcb2b62c12c87e41aab9af916c02ff9965d435f99923e96a54fb06df4a72fa64136bddc5310da4750c0a1e8
SSDEEP

12288:zka9AJsjMNzMKsQ5/p3q2BQaGxhXIxOoNSi14a30:zFLYtbsedhG7XIxrSQ30

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_1a3a7033d0e83c4c63faafb2d30dd2b8

Files

JaffaCakes118_1a3a7033d0e83c4c63faafb2d30dd2b8
.exe windows:4 windows x86 arch:x86

e158a93d00438d839b096327eab381bd

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\WORK2005\JMX_CommonServers\GatewayServer\GatewayServer___Win32_Release_SR_VIETNAM\GatewayServer.pdb

Imports

kernel32

Sleep
GetProcAddress
LoadLibraryA
FreeLibrary
lstrlenW
GetLastError
GetThreadLocale
GetVersionExA
GetACP
InterlockedExchange
GetLocaleInfoA
GetTickCount
EnterCriticalSection
MultiByteToWideChar
LeaveCriticalSection
DeleteCriticalSection
GetLocalTime
GlobalMemoryStatus
lstrlenA
WriteConsoleW
GetConsoleOutputCP
SetEnvironmentVariableA
CompareStringW
SetStdHandle
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
GetConsoleMode
GetModuleFileNameA
PostQueuedCompletionStatus
CreateFileA
GetFileSize
ReadFile
CloseHandle
CompareStringA
GetSystemInfo
GetCurrentThreadId
InterlockedIncrement
CreateToolhelp32Snapshot
Process32First
GetCurrentProcessId
Process32Next
CreateTimerQueueTimer
DeleteTimerQueueTimer
SetEvent
WaitForSingleObject
CreateEventA
CreateThread
CreateSemaphoreA
GetCurrentProcess
SetUnhandledExceptionFilter
CreateIoCompletionPort
GetQueuedCompletionStatus
SetConsoleCtrlHandler
SetConsoleMode
SetConsoleTextAttribute
WriteConsoleA
AllocConsole
GetConsoleWindow
GetStdHandle
WideCharToMultiByte
TerminateThread
GetUserDefaultLangID
MulDiv
GetTimeFormatA
GetDateFormatA
FileTimeToLocalFileTime
FileTimeToSystemTime
GlobalAlloc
GlobalLock
GlobalUnlock
lstrcmpiA
InterlockedDecrement
ResetEvent
GetCurrentThread
IsDebuggerPresent
ExitProcess
GetWindowsDirectoryA
ReleaseSemaphore
InitializeCriticalSection
QueryPerformanceFrequency
QueryPerformanceCounter
ResumeThread
SuspendThread
OutputDebugStringA
SetEndOfFile
WriteFile
UnmapViewOfFile
FlushViewOfFile
CreateFileMappingA
MapViewOfFile
FlushFileBuffers
SetFilePointer
CreateDirectoryA
SleepEx
FlushInstructionCache
SetThreadPriority
GetSystemTimeAsFileTime
GetCommandLineA
HeapFree
HeapAlloc
GetProcessHeap
GetStartupInfoA
TerminateProcess
UnhandledExceptionFilter
GetTimeZoneInformation
ExitThread
RaiseException
RtlUnwind
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCPInfo
GetOEMCP
IsValidCodePage
HeapSize
LCMapStringA
LCMapStringW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapDestroy
HeapCreate
VirtualFree
FatalAppExitA
VirtualAlloc
HeapReAlloc
GetLocaleInfoW
GetConsoleCP

user32

SetCapture
SetCursor
ReleaseCapture
GetSystemMetrics
CreatePopupMenu
AppendMenuA
ReleaseDC
CheckMenuItem
LoadIconA
GetCursorPos
ScreenToClient
TrackPopupMenu
BeginPaint
DestroyMenu
GetSysColor
IntersectRect
EndPaint
DrawIcon
InflateRect
SetRect
LoadCursorA
CopyRect
GetSubMenu
GetMenu
PtInRect
DefWindowProcA
LoadMenuA
SetTimer
RegisterClassA
CreateWindowExA
DestroyWindow
PostQuitMessage
SetWindowPos
GetDC
GetWindowRect
GetClientRect
GetParent
RedrawWindow
AdjustWindowRect
GetWindowLongA
MoveWindow
DrawTextA
GetClassNameA
EnumChildWindows
EnableWindow
GetDlgItem
GetWindowTextA
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
DialogBoxParamA
CreateDialogParamA
GetDesktopWindow
EndDialog
SetDlgItemInt
GetDlgItemInt
SetDlgItemTextA
GetDlgItemTextA
UnionRect
SendMessageA
SetForegroundWindow
SetWindowTextA
DispatchMessageA
TranslateMessage
PeekMessageA
IsWindow
PostMessageA
UpdateWindow
OffsetRect
ShowWindow
MessageBoxA
CharNextA

ws2_32

accept
connect
bind
getsockname
WSACreateEvent
setsockopt
WSARecv
WSAIoctl
shutdown
listen
WSAGetLastError
WSASocketA
closesocket
inet_addr
getpeername
gethostbyname
sendto
getsockopt
WSASend
WSAStartup
WSACleanup
recvfrom
inet_ntoa
ntohs
WSACloseEvent
WSAResetEvent
ioctlsocket
WSAWaitForMultipleEvents
WSAGetOverlappedResult
WSASetEvent
htons
WSASendTo
socket
WSARecvFrom

wininet

InternetOpenUrlA
InternetOpenA
InternetQueryDataAvailable
InternetReadFile
InternetCloseHandle

shlwapi

UrlEscapeA

iphlpapi

GetAdaptersInfo
GetIpAddrTable

gdi32

LineTo
Ellipse
GetStockObject
MoveToEx
CreateSolidBrush
GetDeviceCaps
SetTextAlign
RoundRect
Rectangle
SetTextColor
GetTextExtentPoint32A
BitBlt
SetBkMode
DeleteDC
SelectObject
CreateCompatibleBitmap
CreateFontA
CreateCompatibleDC
DeleteObject
CreatePen
SetPixel
GetNearestColor
SetBkColor
TextOutA

advapi32

ReportEventA
DeleteService
StartServiceCtrlDispatcherA
SetServiceStatus
RegisterServiceCtrlHandlerA
RegisterEventSourceA
DeregisterEventSource
OpenSCManagerA
CreateServiceA
CloseServiceHandle
OpenServiceA
ControlService

ole32

CoCreateGuid

odbc32

ord36
ord40
ord76
ord11
ord72
ord26
ord30
ord4
ord29
ord50
ord13
ord61
ord18
ord8
ord43
ord16
ord31
ord41
ord75
ord24

Sections

.text
Size: 852KB - Virtual size: 849KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 124KB - Virtual size: 123KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 296KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rmnet
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

e158a93d00438d839b096327eab381bd

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

ws2_32

wininet

shlwapi

iphlpapi

gdi32

advapi32

ole32

odbc32

Sections

.text Size: 852KB - Virtual size: 849KB

.rdata Size: 124KB - Virtual size: 123KB

.data Size: 20KB - Virtual size: 296KB

.rsrc Size: 4KB - Virtual size: 176B

.rmnet Size: 60KB - Virtual size: 60KB

.text
Size: 852KB - Virtual size: 849KB

.rdata
Size: 124KB - Virtual size: 123KB

.data
Size: 20KB - Virtual size: 296KB

.rsrc
Size: 4KB - Virtual size: 176B

.rmnet
Size: 60KB - Virtual size: 60KB