f246bc924e5e1fc1cf8107542af674af_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f246bc924e5e1fc1cf8107542af674af_JaffaCakes118
Size

38KB
MD5

f246bc924e5e1fc1cf8107542af674af
SHA1

b489bc6849485e0a93d0d5c355c0c4787ae6894a
SHA256

e8498f12b58bfa22e9739700b00dfbd58df8baeabbd7cee1e84a3d42c11da55e
SHA512

389f2f6939f653b2dc5a4608836c9d3a498fbe5927ce632d2aba1f2aea2341c7955f28e502aa48ed061b045750a77dce443cd17fcaa8407d7ff0328e5cddc9fe
SSDEEP

768:GdmcgetGyKK3z8OU8mjf3sQWtvME0mCQNEC5:neQyKK3AOyjfsb+E0uEO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f246bc924e5e1fc1cf8107542af674af_JaffaCakes118

Files

f246bc924e5e1fc1cf8107542af674af_JaffaCakes118
.exe windows:4 windows x86 arch:x86

395957924f72778aeef4df3d32c18300

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpyA
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
CreateToolhelp32Snapshot
Process32First
OpenProcess
GetLongPathNameA
GetPriorityClass
Process32Next
SetPriorityClass
HeapAlloc
GetProcessHeap
HeapFree
GetSystemTimeAsFileTime
GetProcessTimes
QueryDosDeviceA
GetTickCount
CreateThread
GetLogicalDriveStringsA
GetVolumeInformationA
GetDriveTypeA
GetWindowsDirectoryA
FindFirstFileA
FindNextFileA
LoadLibraryA
MoveFileA
CreateFileA
GetFileSize
CreateDirectoryA
GetTempPathA
GetTempFileNameA
lstrcatA
DeleteFileA
GetModuleFileNameA
lstrlenA
ExitProcess
MoveFileExA
FindResourceA
LoadResource
LockResource
SizeofResource
SetWaitableTimer
CreateEventA
CreateWaitableTimerA
CreateMutexA
ResetEvent
SetEvent
ReleaseMutex
GetStartupInfoA
GetCommandLineA
FreeLibrary
GetSystemInfo
GetModuleHandleA
GetProcAddress
GetVersionExA
LocalFree
FormatMessageA
GetSystemDirectoryA
WTSGetActiveConsoleSessionId
CreateProcessA
CloseHandle
DuplicateHandle
CreatePipe
GetCurrentProcess
PeekNamedPipe
ReadFile
lstrcmpiA
GetLastError
WriteFile
GetExitCodeProcess
WaitForSingleObject
TerminateProcess
FindClose
Sleep

user32

wvsprintfA
GetSystemMetrics

advapi32

SetServiceStatus
RegQueryValueExA
RegOpenKeyExA
ControlService
QueryServiceStatusEx
ChangeServiceConfigA
UnlockServiceDatabase
LockServiceDatabase
DeleteService
StartServiceA
QueryServiceConfigA
OpenServiceA
CloseServiceHandle
EnumServicesStatusExA
OpenSCManagerA
LookupAccountSidA
GetTokenInformation
OpenProcessToken
CreateProcessAsUserA
DuplicateTokenEx
RegisterServiceCtrlHandlerA
StartServiceCtrlDispatcherA
RegCloseKey

shell32

SHFileOperationA
SHGetFolderPathA
SHGetFileInfoA

ws2_32

WSAGetLastError
WSAAccept
WSARecv
WSACloseEvent
WSASend
closesocket
socket
WSACreateEvent
WSAEventSelect
WSAWaitForMultipleEvents
WSAStartup
WSACleanup
send
recv
shutdown
connect
htons
gethostbyname
WSAEnumNetworkEvents

wtsapi32

WTSQueryUserToken

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

psapi

GetProcessMemoryInfo
GetProcessImageFileNameA

shlwapi

PathQuoteSpacesA
PathIsDirectoryEmptyA
PathRemoveFileSpecA
PathIsDirectoryA
PathCanonicalizeA
PathAppendA
PathAddBackslashA

Sections

.text
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

395957924f72778aeef4df3d32c18300

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ws2_32

wtsapi32

userenv

psapi

shlwapi

Sections

.text Size: 29KB - Virtual size: 28KB

.rdata Size: 6KB - Virtual size: 5KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.text
Size: 29KB - Virtual size: 28KB

.rdata
Size: 6KB - Virtual size: 5KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB