Static task: static1
Behavioral task: behavioral1
  Sample: 2a4e794a7d28ce69ca859485f77f6dea_JaffaCakes118.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 2a4e794a7d28ce69ca859485f77f6dea_JaffaCakes118.exe
  Resource: win10v2004-20240226-en
General
Target: 2a4e794a7d28ce69ca859485f77f6dea_JaffaCakes118
Size: 2.4MB
MD5: 2a4e794a7d28ce69ca859485f77f6dea
SHA1: 6b60e5d2393186fc7c942e898464fb397ab20920
SHA256: 5d84c6a01fc75196a33cb8941596ef6ff5657fa54c22a20b94d379bc10eb0193
SHA512: ed41e6b3847a3c516bd1b618dc51a692ee8e533d3cc1b1506b94229ab4729a17f6d88d388cc143c91d1bbf5d716efac962693e09c27dc6c462777f6aeb0ed221
SSDEEP: 49152:WlTKuk2VOjPWgRwzWVMWf3B4kif/7OCeL2bvNs2GCqXxbTIU6iACPp3U2:FRwiMWfxKB62GC7+Ai3U2
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource 2a4e794a7d28ce69ca859485f77f6dea_JaffaCakes118
Files
2a4e794a7d28ce69ca859485f77f6dea_JaffaCakes118.exe  windows:6 windows x64 arch:x64
7f4ecabca6c73b80c128745e9c233f7b
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
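The "Unsigned PE" signature above and the DLL/File Characteristics block both come straight out of the PE optional header, and it is worth being able to reproduce them without the sandbox. The following is an added example, not code from the report or from the sandbox; it parses a PE32+ header by hand (no pefile dependency), decodes the characteristics bits, flags any section that is both writable and executable, and reports whether the IMAGE_DIRECTORY_ENTRY_SECURITY entry is populated, which is all "checks for missing Authenticode signature" can mean at the static level. Because the sample itself is not on this page, the block builds a constructed, header-only PE32+ image that carries the same flags as the report (the section sizes are made up); the header offsets are the standard ones from the PE specification.

```python
"""Decode the PE header fields summarised in the report above.

Constructed test image (not the sample): build_pe64() produces a header-only
PE32+ file carrying the report's flags so parse_pe64() can run offline."""
import struct

SECURITY_DIR = 4                 # IMAGE_DIRECTORY_ENTRY_SECURITY (Authenticode cert table)
IMAGE_NT_OPTIONAL_HDR64 = 0x20B

DLL_CHARACTERISTICS = {
    0x0020: "HIGH_ENTROPY_VA", 0x0040: "DYNAMIC_BASE", 0x0080: "FORCE_INTEGRITY",
    0x0100: "NX_COMPAT", 0x0200: "NO_ISOLATION", 0x0400: "NO_SEH", 0x0800: "NO_BIND",
    0x1000: "APPCONTAINER", 0x2000: "WDM_DRIVER", 0x4000: "GUARD_CF",
    0x8000: "TERMINAL_SERVER_AWARE",
}
FILE_CHARACTERISTICS = {
    0x0001: "RELOCS_STRIPPED", 0x0002: "EXECUTABLE_IMAGE",
    0x0020: "LARGE_ADDRESS_AWARE", 0x2000: "DLL",
}
SECTION_FLAGS = {
    0x00000020: "CNT_CODE", 0x00000040: "CNT_INITIALIZED_DATA",
    0x00000080: "CNT_UNINITIALIZED_DATA", 0x02000000: "MEM_DISCARDABLE",
    0x20000000: "MEM_EXECUTE", 0x40000000: "MEM_READ", 0x80000000: "MEM_WRITE",
}


def _flags(value, table):
    return [name for bit, name in sorted(table.items()) if value & bit]


def parse_pe64(data):
    """Return characteristics, section flags and whether a cert table is present."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    pe = struct.unpack_from("<I", data, 0x3C)[0]                  # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp,
    # PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    machine, nsect, _, _, _, opt_size, file_chars = struct.unpack_from("<HHIIIHH", data, pe + 4)
    opt = pe + 24
    if struct.unpack_from("<H", data, opt)[0] != IMAGE_NT_OPTIONAL_HDR64:
        raise ValueError("only PE32+ handled here (PE32 uses different offsets)")
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]       # DllCharacteristics
    n_dirs = struct.unpack_from("<I", data, opt + 108)[0]         # NumberOfRvaAndSizes
    cert_off = cert_size = 0
    if n_dirs > SECURITY_DIR:
        # Unlike the other directories, the security entry holds a file offset, not an RVA.
        cert_off, cert_size = struct.unpack_from("<II", data, opt + 112 + 8 * SECURITY_DIR)
    sections = []
    for i in range(nsect):
        name, vsize, _, rawsize, _, _, _, _, _, chars = struct.unpack_from(
            "<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "virtual_size": vsize, "raw_size": rawsize,
            "flags": _flags(chars, SECTION_FLAGS),
            # W+X is the red flag that none of the report's sections raise.
            "writable_executable": bool(chars & 0x80000000 and chars & 0x20000000),
        })
    return {
        "machine": machine,
        "file_characteristics": _flags(file_chars, FILE_CHARACTERISTICS),
        "dll_characteristics": _flags(dll_chars, DLL_CHARACTERISTICS),
        # A populated entry only means a WIN_CERTIFICATE blob is attached; whether the
        # chain is valid still needs WinVerifyTrust (signtool verify / Get-AuthenticodeSignature).
        "has_authenticode_table": cert_off != 0 and cert_size != 0,
        "sections": sections,
    }


def build_pe64(file_chars, dll_chars, sections, cert_size=0):
    """Constructed header-only PE32+ image for testing; no real code or data inside."""
    e_lfanew, opt_size = 0x40, 240
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    file_hdr = struct.pack("<HHIIIHH", 0x8664, len(sections), 0, 0, 0, opt_size, file_chars)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, IMAGE_NT_OPTIONAL_HDR64)
    struct.pack_into("<H", opt, 70, dll_chars)
    struct.pack_into("<I", opt, 108, 16)                          # all 16 directories present
    end = e_lfanew + 4 + 20 + opt_size + 40 * len(sections)
    if cert_size:                                                 # cert table appended at file end
        struct.pack_into("<II", opt, 112 + 8 * SECURITY_DIR, end, cert_size)
    hdrs = b"".join(struct.pack("<8sIIIIIIHHI", n.encode(), vs, 0, rs, 0, 0, 0, 0, 0, ch)
                    for n, vs, rs, ch in sections)
    return dos + b"PE\0\0" + file_hdr + bytes(opt) + hdrs + b"\0" * cert_size


# Flags as in the report: EXECUTABLE_IMAGE|LARGE_ADDRESS_AWARE (0x0022) and
# HIGH_ENTROPY_VA|DYNAMIC_BASE|NX_COMPAT|TERMINAL_SERVER_AWARE (0x8160). Sizes are made up.
REPORT_LIKE = build_pe64(0x0022, 0x8160, [
    (".text", 0x180000, 0x180000, 0x60000020),
    (".data", 0x53C00, 0x4F400, 0xC0000040),
    (".reloc", 0x5800, 0x5C00, 0x42000040),
])

if __name__ == "__main__":
    info = parse_pe64(REPORT_LIKE)
    print("Unsigned PE:", not info["has_authenticode_table"])
    print("DllCharacteristics:", " ".join(info["dll_characteristics"]))
    for s in info["sections"]:
        print(s["name"], "|".join(s["flags"]), "W+X!" if s["writable_executable"] else "")
```

On the real file, `parse_pe64(open(path, "rb").read())` gives the same dictionary. The check is deliberately one-sided: an empty security directory proves the file is unsigned, but a populated one proves nothing until the certificate chain is verified.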
Imports
kernel32
SetFileAttributesA
Sleep
GetModuleFileNameA
GetConsoleMode
ReadConsoleA
SetConsoleMode
SuspendThread
ResumeThread
FormatMessageA
QueryPerformanceCounter
QueryPerformanceFrequency
WaitForSingleObject
SetWaitableTimer
GetStdHandle
SetThreadPriority
SetThreadAffinityMask
CreateWaitableTimerA
ExitProcess
CreateToolhelp32Snapshot
Process32First
Process32Next
LoadLibraryA
IsWow64Process
CreateFileA
GetFileSize
ReadFile
MultiByteToWideChar
WideCharToMultiByte
GlobalFree
GetSystemInfo
CreateMutexA
GetFileAttributesA
GetLargePageMinimum
VirtualFree
VirtualAlloc
GetLastError
CloseHandle
LoadLibraryW
GlobalMemoryStatus
GetProcAddress
FreeLibrary
GetNativeSystemInfo
GetTickCount
GetCurrentProcess
GetProcessTimes
SwitchToThread
GlobalAlloc
UnregisterWaitEx
QueryDepthSList
InterlockedPopEntrySList
ReleaseSemaphore
VirtualProtect
GetVersionExW
GetModuleHandleA
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SignalObjectAndWait
CreateTimerQueue
SetEndOfFile
WriteConsoleW
GetProcessHeap
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
IsValidCodePage
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
DeleteCriticalSection
SetHandleInformation
GetTickCount64
RaiseException
SetLastError
GetSystemTime
SystemTimeToFileTime
GetFileType
WriteFile
GetCurrentThreadId
GetModuleHandleW
FindClose
RtlVirtualUnwind
GetCurrentProcessId
FlushConsoleInputBuffer
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
RtlCaptureContext
RtlLookupFunctionEntry
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetSystemTimeAsFileTime
InitializeSListHead
TryEnterCriticalSection
DuplicateHandle
GetCurrentThread
GetExitCodeThread
RtlPcToFileHeader
EncodePointer
DecodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
RtlUnwindEx
LoadLibraryExW
InterlockedPushEntrySList
InterlockedFlushSList
GetModuleHandleExW
SetStdHandle
CreateThread
ExitThread
FreeLibraryAndExitThread
SetConsoleCtrlHandler
CreateFileW
GetDriveTypeW
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
ReadConsoleInputA
GetModuleFileNameW
GetCommandLineA
GetCommandLineW
GetACP
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetStringTypeW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
FlushFileBuffers
GetConsoleCP
GetTimeZoneInformation
GetExitCodeProcess
CreateProcessA
GetFileAttributesExW
ReadConsoleW
SetFilePointerEx
GetCurrentDirectoryW
GetFullPathNameW
FindFirstFileExA
FindNextFileA
user32
GetWindowTextA
GetUserObjectInformationW
MessageBoxW
wsprintfW
GetClassNameA
EnumWindows
GetProcessWindowStation
advapi32
CryptAcquireContextA
RegisterEventSourceW
DeregisterEventSource
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
ReportEventW
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken
ws2_32
WSASetLastError
htons
WSAPoll
listen
freeaddrinfo
getaddrinfo
socket
shutdown
send
recv
select
bind
accept
__WSAFDIsSet
WSACleanup
connect
closesocket
WSAGetLastError
WSAStartup
ioctlsocket
htonl
getsockname
WSASocketW
getsockopt
ntohs
gethostbyname
getservbyname
setsockopt
shlwapi
StrStrIA
winhttp
WinHttpQueryHeaders
WinHttpReceiveResponse
WinHttpCrackUrl
WinHttpOpen
WinHttpCloseHandle
WinHttpConnect
WinHttpReadData
WinHttpOpenRequest
WinHttpSendRequest
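An import table like the one above is the cheapest capability evidence a static report gives you, but single APIs are noisy: VirtualAlloc appears in almost everything, and IsDebuggerPresent, RtlCaptureContext, UnhandledExceptionFilter and their neighbours are imported by the MSVC CRT startup code in nearly every x64 build. The usual fix is to write each capability as a conjunction of imports and to discount rules satisfied only by CRT-supplied names. The block below is an added example, not the sandbox's own logic; the rule names and the CRT-noise list are this editor's, and the embedded listing is an excerpt of the imports above re-typed in the same layout (DLL name on one line, APIs on the following lines) as constructed test input. It also carries one rule the sample does not satisfy (remote injection via VirtualAllocEx/WriteProcessMemory/CreateRemoteThread) to show a negative result with the missing APIs listed.

```python
"""Capability triage over an import listing in the report's own layout.

Each rule is a set of (dll, api) pairs and fires only when every pair is
imported. Rules satisfied solely by CRT-supplied imports are marked low
signal. The listing below is a constructed excerpt of the report's imports."""

KNOWN_DLLS = {"kernel32", "user32", "advapi32", "ws2_32", "shlwapi", "winhttp"}

# Imported by MSVC CRT startup/termination code into nearly every x64 build.
CRT_NOISE = {
    "IsDebuggerPresent", "IsProcessorFeaturePresent", "UnhandledExceptionFilter",
    "SetUnhandledExceptionFilter", "RtlCaptureContext", "RtlLookupFunctionEntry",
    "RtlVirtualUnwind", "TerminateProcess", "GetStartupInfoW", "InitializeSListHead",
    "GetSystemTimeAsFileTime", "GetCurrentProcessId", "GetCurrentThreadId",
    "QueryPerformanceCounter", "GetModuleHandleW",
}

RULES = {  # rule names are this example's own, not a sandbox vocabulary
    "process enumeration (Toolhelp32)": {("kernel32", "CreateToolhelp32Snapshot"),
                                          ("kernel32", "Process32First"), ("kernel32", "Process32Next")},
    "token privilege adjustment": {("advapi32", "OpenProcessToken"),
                                   ("advapi32", "LookupPrivilegeValueA"), ("advapi32", "AdjustTokenPrivileges")},
    "debugger presence check": {("kernel32", "IsDebuggerPresent")},
    "raw TCP client": {("ws2_32", "WSAStartup"), ("ws2_32", "socket"), ("ws2_32", "connect"),
                       ("ws2_32", "send"), ("ws2_32", "recv")},
    "raw TCP listener": {("ws2_32", "bind"), ("ws2_32", "listen"), ("ws2_32", "accept")},
    "HTTP client (WinHTTP)": {("winhttp", "WinHttpOpen"), ("winhttp", "WinHttpConnect"),
                              ("winhttp", "WinHttpOpenRequest"), ("winhttp", "WinHttpSendRequest")},
    "CryptoAPI hashing": {("advapi32", "CryptCreateHash"), ("advapi32", "CryptHashData"),
                          ("advapi32", "CryptGetHashParam")},
    "large-page / NUMA-aware allocation": {("kernel32", "GetLargePageMinimum"),
                                           ("kernel32", "VirtualAlloc"), ("kernel32", "GetNumaHighestNodeNumber")},
    "remote process injection": {("kernel32", "VirtualAllocEx"), ("kernel32", "WriteProcessMemory"),
                                 ("kernel32", "CreateRemoteThread")},
}


def parse_import_listing(text):
    """Turn 'dll line, then its API lines' into a set of (dll, api) pairs."""
    imports, dll = set(), None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.lower() in KNOWN_DLLS:      # a DLL header line starts a new group
            dll = line.lower()
        elif dll is not None:
            imports.add((dll, line))
    return imports


def match_capabilities(imports):
    """Return {rule: {"fired": bool, "missing": [api, ...], "low_signal": bool}}."""
    out = {}
    for rule, needed in RULES.items():
        missing = sorted(api for dll, api in needed if (dll, api) not in imports)
        out[rule] = {
            "fired": not missing,
            "missing": missing,
            "low_signal": not missing and all(api in CRT_NOISE for _, api in needed),
        }
    return out


# Constructed excerpt of the report's import listing, same layout as the page.
LISTING = """
kernel32
IsDebuggerPresent
CreateToolhelp32Snapshot
Process32First
Process32Next
VirtualAlloc
VirtualFree
GetLargePageMinimum
GetNumaHighestNodeNumber
LoadLibraryA
GetProcAddress
CreateProcessA
advapi32
CryptCreateHash
CryptHashData
CryptGetHashParam
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken
ws2_32
WSAStartup
socket
connect
send
recv
bind
listen
accept
winhttp
WinHttpOpen
WinHttpConnect
WinHttpOpenRequest
WinHttpSendRequest
"""


def triage(text=LISTING):
    return match_capabilities(parse_import_listing(text))


if __name__ == "__main__":
    for rule, r in triage().items():
        if r["fired"]:
            tag = "fired" + (" (CRT noise, low signal)" if r["low_signal"] else "")
        else:
            tag = "no: missing " + ", ".join(r["missing"])
        print(f"{rule:38s} {tag}")
```

Run against the full listing on this page the same rules fire: Toolhelp32 process enumeration, token privilege adjustment, both Winsock client and listener paths, a WinHTTP client, CryptoAPI hashing and large-page/NUMA-aware allocation, while the injection rule stays quiet because only VirtualAlloc, not VirtualAllocEx or WriteProcessMemory, is imported. Imports show what the binary can call, not what it does; the behavioral tasks (behavioral1, behavioral2) are where those capabilities get confirmed or ruled out.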
Sections
.text   Size: 1.5MB  Virtual size: 1.5MB  IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
.rdata  Size: 500KB  Virtual size: 500KB  IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.data   Size: 317KB  Virtual size: 335KB  IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.pdata  Size: 75KB   Virtual size: 74KB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.tls    Size: 512B   Virtual size: 9B     IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.gfids  Size: 2KB    Virtual size: 2KB    IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.rsrc   Size: 1KB    Virtual size: 1KB    IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.reloc  Size: 23KB   Virtual size: 22KB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_DISCARDABLE | IMAGE_SCN_MEM_READ