e2869cb38ac7322110118fb316f5991e_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

e2869cb38ac7322110118fb316f5991e_JaffaCakes118
Size

132KB
MD5

e2869cb38ac7322110118fb316f5991e
SHA1

3147d3a62b53f9d70fc55214f16fbcea47e6f7e8
SHA256

c18999a994b67de690c1ece66f17bb6533144000a946eba37b5e8b9d577e235a
SHA512

089a57226e3391ad29ce8be259655c95aa3d0485a34953010f3b56091a772b2435e1d53e2d9e0b712d7907499de10184bdda9e35d763f74199d2ea17824066c0
SSDEEP

1536:QPKDFN3XJn0xsFIv+FzJD0ODizwBPC63oW8xTXJ1IyYbEkNw0KgPKo0D8:QPgoxsFBFzJJw6uXYb92GPf0D8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e2869cb38ac7322110118fb316f5991e_JaffaCakes118

Files

e2869cb38ac7322110118fb316f5991e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a775b752c199bbf88fd434eb4bf11991

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrlenA
FreeLibrary
GetProcAddress
Sleep
CreateThread
GetWindowsDirectoryA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
WriteFile
SetFilePointer
CreateFileA
DeleteFileA
CompareStringA
ReadFile
GetFileSize
lstrcmpA
OpenProcess
WideCharToMultiByte
FindNextFileA
FindFirstFileA
lstrcmpiA
lstrlenW
HeapAlloc
GetProcessHeap
HeapFree
GetLastError
GetCurrentProcess
CreateProcessA
WriteProcessMemory
VirtualProtectEx
VirtualQueryEx
VirtualAllocEx
VirtualFreeEx
lstrcpyA
FindClose
GetPrivateProfileIntA
ExitThread
WinExec
ExitProcess
CopyFileA
GetModuleFileNameA
GetLocalTime
lstrcpynA
FlushFileBuffers
SetStdHandle
GetStdHandle
LCMapStringW
LCMapStringA
GetSystemInfo
VirtualProtect
GetCPInfo
GetOEMCP
GetStringTypeW
MultiByteToWideChar
GetStringTypeA
IsBadCodePtr
IsBadReadPtr
GetTickCount
TerminateProcess
LoadLibraryA
GetModuleHandleA
DeleteCriticalSection
InterlockedExchange
InitializeCriticalSection
RaiseException
GetVersionExA
GetLocaleInfoA
GetACP
GetPrivateProfileStringA
SetUnhandledExceptionFilter
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
HeapSize
IsBadWritePtr
VirtualAlloc
VirtualFree
VirtualQuery
HeapReAlloc
RtlUnwind
LocalFree

user32

GetForegroundWindow
TranslateMessage
DispatchMessageA
GetMessageA
wvsprintfA
PostThreadMessageA
GetWindowThreadProcessId
SendMessageTimeoutA
RegisterWindowMessageA
GetClassNameA
GetWindowTextA
GetWindowTextLengthA
EnumChildWindows
DefWindowProcA
CreateWindowExA
RegisterClassA
SetTimer
EnumWindows
KillTimer
SendMessageA
wsprintfA

advapi32

AdjustTokenPrivileges
RegSetValueExA
RegQueryValueA
RegDeleteValueA
RegEnumKeyA
OpenProcessToken
LookupPrivilegeValueA
RegEnumKeyExA
RegOpenKeyA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

shell32

SHGetSpecialFolderPathA

ole32

CoUninitialize
CoInitialize

oleaut32

GetErrorInfo
SysAllocString
VariantClear

ws2_32

inet_ntoa
WSAStartup
closesocket
recv
htonl
htons
inet_addr
gethostbyname
socket
send
setsockopt
sendto
connect
WSAGetLastError

wininet

InternetCloseHandle
InternetOpenUrlA
InternetSetOptionA
InternetOpenA
InternetGetConnectedState
InternetReadFile

Sections

.text
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 32KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a775b752c199bbf88fd434eb4bf11991

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

ws2_32

wininet

Sections

.text Size: 96KB - Virtual size: 95KB

.data Size: 32KB - Virtual size: 48KB

.text
Size: 96KB - Virtual size: 95KB

.data
Size: 32KB - Virtual size: 48KB