e8db5767986a80ae27daad3522b6f3a0_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

e8db5767986a80ae27daad3522b6f3a0_JaffaCakes118
Size

229KB
MD5

e8db5767986a80ae27daad3522b6f3a0
SHA1

3611d2aeaac058d1b5d0308898a9104b211a7e8e
SHA256

caddc35107cd1c9ae3bb462efdd9bada83012c4d761fc6920131e673ca617a13
SHA512

7ab61c3a9471bd63c64681406eafd45fc0d01e1901d46248e78ccd2e5132495b963f05dbea4ddf181cdaae280a4917c7d766e36b341614c1796377917a917272
SSDEEP

6144:NjDI09n4i1/Ce89ZKRnLhsgu0Sx75/r4boHYY01ke:NjhNv1/h8y1Vmx7lRv0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e8db5767986a80ae27daad3522b6f3a0_JaffaCakes118

Files

e8db5767986a80ae27daad3522b6f3a0_JaffaCakes118
.exe windows:4 windows x86 arch:x86

2ff3e3ab4fe9da6520c4fda0efa95060

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
GetProcAddress
GetModuleHandleA
TerminateProcess
GetCurrentProcess
LoadLibraryA
RtlUnwind
InterlockedExchange
VirtualQuery
HeapReAlloc
HeapAlloc
HeapFree
VirtualAlloc
VirtualLock
LocalCompact
DeleteFileW
MoveFileA
GetPrivateProfileIntA
OpenEventW
InitializeCriticalSection
SetThreadPriority
CopyFileExA
VirtualQueryEx
SetThreadContext
ResetWriteWatch
lstrlenA
WriteProfileStringA
BeginUpdateResourceW
CompareFileTime
WideCharToMultiByte
SetThreadAffinityMask
GetCalendarInfoW
GetStringTypeExA
GetStdHandle
VirtualProtect
GetConsoleScreenBufferInfo
InterlockedCompareExchange
SignalObjectAndWait
GetEnvironmentStrings
GetConsoleTitleW
DisconnectNamedPipe
GlobalAddAtomA
GetLogicalDriveStringsW
LoadModule
CreatePipe
GetConsoleCursorInfo
EnumTimeFormatsW
FindNextFileA
EnumCalendarInfoA
GetLargestConsoleWindowSize
ReadConsoleOutputW
GetComputerNameA
GetACP
SetEnvironmentVariableA
GetSystemPowerStatus
ReadDirectoryChangesW
VirtualProtectEx
SetCurrentDirectoryA
CompareStringA
GetProcessShutdownParameters
GetComputerNameW
DisableThreadLibraryCalls
GetLocaleInfoA
GetLongPathNameW
FreeLibraryAndExitThread
OpenSemaphoreA
GetStringTypeA
OpenProcess
EnumDateFormatsExA
CreateProcessW
WriteFileGather
LocalLock
CreateDirectoryW
GetPrivateProfileStructA
PeekConsoleInputA
lstrcmp
RemoveDirectoryA
GetFileAttributesA
TransmitCommChar
GetProcessHeap
WriteProfileSectionW
GetExitCodeThread
WriteFile
SetFileAttributesA
GetDiskFreeSpaceExW
EnumResourceTypesW
GetVolumeInformationA
GetModuleHandleW
ResumeThread
SetConsoleWindowInfo
GetCalendarInfoA
GetTempFileNameW
GetSystemInfo
lstrcpy
FileTimeToLocalFileTime
MoveFileExA
GetTempFileNameA
GetMailslotInfo
SystemTimeToFileTime
UpdateResourceA
GlobalFindAtomW
GetEnvironmentVariableA
GetNumberOfConsoleInputEvents
GetTimeFormatW
GetProfileIntA
Module32Next
WritePrivateProfileSectionW
GetSystemDefaultLCID
FillConsoleOutputCharacterA
GetProcessPriorityBoost
WritePrivateProfileStringW
GetThreadContext
LocalReAlloc
GlobalUnlock
SetEvent
lstrcmpW
HeapSize
RtlZeroMemory
LoadLibraryExA
SetPriorityClass
GetProfileSectionA
RemoveDirectoryW
CreateFileMappingA
GetSystemDirectoryW
GlobalFix
GlobalUnfix
SetConsoleCtrlHandler
VirtualFreeEx
CreateMailslotW
OutputDebugStringA
GetProcessHeaps
CreateFileA
GlobalReAlloc
FillConsoleOutputAttribute
GetShortPathNameW
EnumResourceNamesW
VirtualUnlock
Thread32Next

comdlg32

FindTextW
ReplaceTextW
FindTextA
PrintDlgA
ReplaceTextA
GetSaveFileNameW
GetOpenFileNameW
LoadAlterBitmap
ChooseColorW
GetSaveFileNameA
PageSetupDlgW
PageSetupDlgA
ChooseFontA
ChooseColorA
GetOpenFileNameA

advapi32

CryptEnumProviderTypesA
InitiateSystemShutdownW
RegNotifyChangeKeyValue
RegDeleteKeyW
CryptSetProviderExW
RegEnumKeyA
DuplicateTokenEx
CryptGenKey
LookupPrivilegeValueA
CryptSetProvParam

shell32

SHGetSpecialFolderLocation
DragQueryFileW
SHGetPathFromIDListW
SHInvokePrinterCommandA
SHAppBarMessage
SHBrowseForFolderW
ExtractAssociatedIconW
SHInvokePrinterCommandW
SHGetSpecialFolderPathW
SHGetSettings
InternalExtractIconListA
ExtractIconExA
DoEnvironmentSubstA
ExtractAssociatedIconExA
ShellAboutA
SHEmptyRecycleBinA
SheChangeDirA
ExtractIconEx
SHGetFileInfoA
DragQueryFileAorW
FreeIconList
SHGetDataFromIDListA

wininet

InternetHangUp
DeleteUrlCacheEntryA
UnlockUrlCacheEntryFileW
IsUrlCacheEntryExpiredW
FtpRemoveDirectoryW
HttpAddRequestHeadersW
InternetCombineUrlA
CreateUrlCacheContainerA
InternetConnectW
GopherOpenFileA
IsHostInProxyBypassList
RegisterUrlCacheNotification
CreateUrlCacheEntryW
RunOnceUrlCache
FtpSetCurrentDirectoryA
IncrementUrlCacheHeaderData
HttpQueryInfoW
HttpSendRequestA
FindNextUrlCacheContainerA
FtpGetFileA
FreeUrlCacheSpaceA
InternetGoOnline
InternetTimeFromSystemTimeA
UnlockUrlCacheEntryStream
InternetSetFilePointer
InternetDialW
HttpCheckDavCompliance
HttpSendRequestExW
UnlockUrlCacheEntryFile
InternetReadFile
FtpRenameFileW
FindNextUrlCacheEntryExW
SetUrlCacheConfigInfoA
SetUrlCacheEntryGroupA
FindFirstUrlCacheEntryExW
RetrieveUrlCacheEntryFileW
DetectAutoProxyUrl
FtpGetFileSize
SetUrlCacheGroupAttributeA
SetUrlCacheConfigInfoW
InternetAlgIdToStringA
GopherGetAttributeW
CreateUrlCacheGroup

Sections

.text
Size: 135KB - Virtual size: 134KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 74KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2ff3e3ab4fe9da6520c4fda0efa95060

Headers

File Characteristics

Imports

kernel32

comdlg32

advapi32

shell32

wininet

Sections

.text Size: 135KB - Virtual size: 134KB

.data Size: 74KB - Virtual size: 74KB

.reloc Size: 18KB - Virtual size: 18KB

.text
Size: 135KB - Virtual size: 134KB

.data
Size: 74KB - Virtual size: 74KB

.reloc
Size: 18KB - Virtual size: 18KB