Static task: static1
Behavioral task: behavioral1
Sample: f946cf04384871e2688787852b9c028d_JaffaCakes118.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: f946cf04384871e2688787852b9c028d_JaffaCakes118.exe
Resource: win10v2004-20240412-en
General
Target: f946cf04384871e2688787852b9c028d_JaffaCakes118
Size: 53KB
MD5: f946cf04384871e2688787852b9c028d
SHA1: 6c6daa93e6cba29beddc2d35270ec91ff3aa5f15
SHA256: 7082e9c574140bddd16d3739d4a895d017cdddc500e0d681487c6d7587f42a65
SHA512: 586a42b6731df1d5b43aba27ae1efa1c84d05e9f4f38d0db372dc79093b0a756c7ab2d7479ac7a7f98b3ed5bcd417bb2836ea8d1c139ab2470ff1026718d283c
SSDEEP: 1536:0luksa8Cw5/nqFwLntp8G/lCD0rlhvY68R:ysa8Cw5/78WlCuhvY68
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource f946cf04384871e2688787852b9c028d_JaffaCakes118
Files
f946cf04384871e2688787852b9c028d_JaffaCakes118.exe .js windows:4 windows x86 arch:x86 polyglot
85da328cacb2a405df94caf16f5d0fc4
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
Process32First
CreateToolhelp32Snapshot
CreateThread
GlobalAlloc
SetFileAttributesA
GetDriveTypeA
GetLogicalDriveStringsA
GetLastError
GetCurrentProcess
GetTickCount
LeaveCriticalSection
EnterCriticalSection
GetModuleHandleA
InitializeCriticalSection
InterlockedIncrement
Process32Next
FindClose
FindNextFileA
FindFirstFileA
lstrcpynA
lstrcmpA
DeleteFileA
ExitProcess
CreateFileMappingA
SetErrorMode
GetStartupInfoA
WideCharToMultiByte
MultiByteToWideChar
CloseHandle
GetTempPathA
GetModuleFileNameA
Sleep
GetTempFileNameA
lstrlenA
GetVolumeInformationA
CreateProcessA
FreeConsole
AllocConsole
GetStdHandle
SetConsoleTextAttribute
lstrcpyA
lstrcatA
GetProcAddress
LoadLibraryA
InterlockedDecrement
user32
UnhookWindowsHookEx
DispatchMessageA
CallNextHookEx
GetMessageA
SetWindowsHookExA
IsCharAlphaNumericA
wsprintfA
FindWindowExA
ExitWindowsEx
ReleaseDC
GetDC
SendMessageA
TranslateMessage
advapi32
LookupPrivilegeValueA
OpenProcessToken
AdjustTokenPrivileges
ole32
CoCreateInstance
OleInitialize
OleUninitialize
oleaut32
VariantClear
VariantCopy
GetErrorInfo
SysAllocString
SysFreeString
VariantInit
crypt32
CertOpenSystemStoreA
PFXExportCertStore
gdi32
GetDIBits
SetPixel
BitBlt
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
GetDeviceCaps
CreateDCA
PatBlt
ws2_32
gethostbyname
gethostname
bind
recv
shutdown
accept
listen
msvcrt
printf
_stricmp
_strdup
_controlfp
_onexit
__dllonexit
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
__p___argc
__p___argv
srand
system
wcslen
??2@YAPAXI@Z
memcmp
??3@YAXPAX@Z
abs
sprintf
atoi
toupper
strstr
malloc
_except_handler3
fclose
ftell
fseek
fopen
fwrite
fputs
fread
setvbuf
_iob
_fdopen
_open_osfhandle
memset
_strcmpi
strlen
strcat
rand
strcpy
strrchr
strcmp
strtok
free
strchr
Sections
.bss Size: - Virtual size: 17.5MB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 52KB - Virtual size: 51KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE