JaffaCakes118_b4bcbca7153a11db9cf6e8d44e757b31

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_b4bcbca7153a11db9cf6e8d44e757b31
Size

273KB
MD5

b4bcbca7153a11db9cf6e8d44e757b31
SHA1

7fa622ca7391ff5cb2081f59242c8d4557043d4a
SHA256

d0503f1aaf4009f3388edb84d3f3ff9eadb946b7d762b8801f3c3f4fceb7cac0
SHA512

fb19bc2f88dc141e07f90e3bad2fbdd23293df6ba7035b96a17afe655a859d93ce3b0b3d6a2d97fd9f3ed46968ea09b0ba1fa135b4b697466d18bb5e39b66f34
SSDEEP

6144:LAe1anwI/XIIGy02QX7XJby1r2wEvC/bZTr4m971w1zhwz:LAe1awI/XTGyf27XJ+1r2wdtV1W1zU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_b4bcbca7153a11db9cf6e8d44e757b31

Files

JaffaCakes118_b4bcbca7153a11db9cf6e8d44e757b31
.exe windows:4 windows x86 arch:x86

2bdedc434c0e2df1206d7702bc711a18

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

iphlpapi

GetAdaptersInfo
GetNetworkParams

user32

MessageBoxA

ole32

CoInitializeEx
CoUninitialize
CoCreateInstance
OleRun

ws2_32

socket
WSACleanup
WSAStartup
connect
send
ntohl
htonl
closesocket
ioctlsocket
inet_addr
htons
recv

advapi32

RegOpenKeyExW
StartServiceW
RegCreateKeyExW
ConvertStringSecurityDescriptorToSecurityDescriptorW
ControlService
OpenServiceA
OpenSCManagerW
RegDeleteValueW
SetServiceStatus
GetSecurityDescriptorSacl
RegEnumValueW
InitializeSecurityDescriptor
StartServiceCtrlDispatcherW
ChangeServiceConfig2W
RegisterEventSourceW
CloseServiceHandle
QueryServiceStatus
RegQueryInfoKeyW
ReportEventW
ChangeServiceConfigW
SetSecurityDescriptorSacl
RegSetValueExW
CreateServiceW
RegisterServiceCtrlHandlerW
QueryServiceStatusEx
QueryServiceConfigW
RegCloseKey
RegDeleteKeyW
RegEnumKeyExW
SetSecurityDescriptorDacl
DeregisterEventSource
OpenServiceW
DeleteService
RegQueryValueExW

winmm

timeGetTime

kernel32

FindClose
GetFileAttributesExW
WriteConsoleW
OpenEventW
GetLogicalDriveStringsW
ReadFile
CreateFileA
GetCommandLineW
FindNextFileW
ConnectNamedPipe
TlsSetValue
RtlUnwind
IsValidLocale
CreateEventW
TlsFree
DeleteFileW
WideCharToMultiByte
GetProcessTimes
VirtualAlloc
GetSystemInfo
GetModuleHandleA
GetTimeZoneInformation
GetConsoleCP
CreateFileW
DisconnectNamedPipe
FlushFileBuffers
SetConsoleCtrlHandler
HeapSize
SetLastError
CreateMutexW
GetCurrentThreadId
IsDebuggerPresent
CreateDirectoryW
LeaveCriticalSection
MoveFileW
LCMapStringW
CreatePipe
OpenProcess
CompareStringW
SetFilePointer
UnhandledExceptionFilter
CreateProcessW
LocalFree
GetTempPathA
GetACP
EnterCriticalSection
GetUserDefaultLangID
GetComputerNameW
GetModuleHandleW
FreeEnvironmentStringsW
TryEnterCriticalSection
GetProcessHeap
PeekNamedPipe
IsValidCodePage
SetFileAttributesW
ExitThread
CompareStringA
ExpandEnvironmentStringsW
DeleteCriticalSection
RaiseException
CloseHandle
InitializeCriticalSectionAndSpinCount
GetTempPathW
SetUnhandledExceptionFilter
GetConsoleOutputCP
CopyFileW
SetThreadPriority
SetEnvironmentVariableA
WaitForMultipleObjects
HeapFree
WriteConsoleA
RemoveDirectoryW
TlsAlloc
SetStdHandle
TlsGetValue
SetEnvironmentVariableW
ResetEvent
GetStdHandle
WaitForSingleObject
GetExitCodeThread
GetCurrentDirectoryW
GetUserDefaultLCID
GetConsoleMode
VirtualFree
HeapReAlloc
SetFileTime
GetFileType
LocalAlloc
WriteFile
ReleaseMutex
EnumSystemLocalesA
SetEndOfFile
GetOEMCP
CreateThread
DuplicateHandle
FreeLibrary
HeapAlloc
GetSystemTimeAsFileTime
SetHandleCount
CreateNamedPipeW
LCMapStringA
FindFirstFileW
GetCurrentProcess
VirtualAllocEx

oleaut32

SafeArrayGetUBound
VariantClear
SafeArrayDestroy
SafeArrayUnlock
VariantCopy
SysAllocString
SysFreeString
SafeArrayCopy
SafeArrayLock
VariantInit
SafeArrayGetVartype
SafeArrayGetLBound

resutils

ResUtilCreateDirectoryTree
ResUtilEnumResources
ResUtilSetExpandSzValue
ResUtilFindBinaryProperty
ResUtilSetPropertyParameterBlock
ResUtilIsResourceClassEqual
ResUtilGetBinaryProperty
ResUtilFindLongProperty

sti

DllCanUnloadNow
MigrateRegisteredSTIAppsForWIAEvents
StiCreateInstanceW
StiCreateInstance
DllRegisterServer

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 246KB - Virtual size: 974KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2bdedc434c0e2df1206d7702bc711a18

Headers

File Characteristics

Imports

iphlpapi

user32

ole32

ws2_32

advapi32

winmm

kernel32

oleaut32

resutils

sti

Sections

.text Size: 20KB - Virtual size: 19KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 246KB - Virtual size: 974KB

.rsrc Size: 1024B - Virtual size: 2KB

.text
Size: 20KB - Virtual size: 19KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 246KB - Virtual size: 974KB

.rsrc
Size: 1024B - Virtual size: 2KB