f9c922fca988830388702e184d8673d5_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

f9c922fca988830388702e184d8673d5_JaffaCakes118
Size

52KB
MD5

f9c922fca988830388702e184d8673d5
SHA1

02c777729365f53c86a1a1baedc7733913bd7817
SHA256

236331819ef7fe66218b6915197d68e70627e0bca870c9a81bdcc4d62d6d1c0a
SHA512

22e97cdebb6892fa170af0629fd7bb6c2cd9f6dd7a9b1f327798bb8ac1a018f09d4a0017658a117b6b1e9c6b3c3cfd869ce63d5af9279699d03be8848c63d836
SSDEEP

768:kXVLeWYvwFJnmZpaKwVohZjczS2GqYNyvj7JD7lAdyljampBbgpQ:5zwFJnmZp2MZjhHKUdef

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
f9c922fca988830388702e184d8673d5_JaffaCakes118

Files

f9c922fca988830388702e184d8673d5_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a6b88c9507f8b78d5cf9a9b775553242

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

OleUninitialize
OleInitialize
CreateStreamOnHGlobal
CoTaskMemFree
CoCreateInstance

kernel32

Process32Next
Process32First
OpenProcess
MultiByteToWideChar
MapViewOfFile
LocalFree
LocalAlloc
LoadLibraryA
GlobalMemoryStatus
GlobalFree
GlobalAlloc
GetWindowsDirectoryA
GetVolumeInformationA
CloseHandle
GetVersionExA
GetTempPathA
ReadFile
lstrlenW
lstrlenA
lstrcpynA
lstrcpyA
lstrcmpiA
lstrcmpA
lstrcatA
_lwrite
_lread
_lopen
_lcreat
_lclose
WriteFile
WideCharToMultiByte
UnmapViewOfFile
TerminateProcess
GetSystemDirectoryA
GetProcAddress
GetPrivateProfileStringA
GetPrivateProfileSectionNamesA
GetPrivateProfileIntA
GetModuleHandleA
GetModuleFileNameA
GetLogicalDrives
GetLocaleInfoA
GetLocalTime
GetLastError
GetFileSize
GetDriveTypeA
GetDiskFreeSpaceA
GetCurrentProcess
GetCurrentDirectoryA
GetComputerNameA
FreeLibrary
FindNextFileA
FindFirstFileA
FindClose
ExitProcess
DeleteFileA
CreateToolhelp32Snapshot
CreateThread
CreateFileMappingA
CreateFileA
CopyFileA
Sleep

user32

MessageBoxA
GetMessageA
GetDC
DispatchMessageA
CreateWindowExA
wsprintfA
SetTimer
ReleaseDC
SetWindowLongA
TranslateMessage

oleaut32

SysAllocString
SafeArrayAccessData
SafeArrayCreateVector
SafeArrayDestroy
SafeArrayUnaccessData
SysFreeString

advapi32

OpenServiceA
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegOpenKeyA
RegEnumValueA
RegEnumKeyExA
RegCreateKeyA
RegCloseKey
AdjustTokenPrivileges
OpenSCManagerA
OpenProcessToken
LookupPrivilegeValueA
GetUserNameA
ControlService
CloseServiceHandle
ChangeServiceConfigA

shlwapi

StrRChrA
StrCmpNA
StrChrA
StrStrIA

shell32

ShellExecuteA

wsock32

gethostname
gethostbyname
connect
closesocket
WSAStartup
inet_addr
recv
send
socket

ws2_32

WSAIoctl

rasapi32

RasGetEntryDialParamsA
RasGetEntryPropertiesA
RasEnumEntriesA

gdi32

GetDeviceCaps

Sections

.text
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 205KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 904B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a6b88c9507f8b78d5cf9a9b775553242

Headers

File Characteristics

Imports

ole32

kernel32

user32

oleaut32

advapi32

shlwapi

shell32

wsock32

ws2_32

rasapi32

gdi32

Sections

.text Size: 26KB - Virtual size: 25KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 21KB - Virtual size: 205KB

.rsrc Size: 1024B - Virtual size: 904B

.text
Size: 26KB - Virtual size: 25KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 21KB - Virtual size: 205KB

.rsrc
Size: 1024B - Virtual size: 904B