fd89699c456b78a2262772f6c5068a4a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

fd89699c456b78a2262772f6c5068a4a_JaffaCakes118
Size

148KB
MD5

fd89699c456b78a2262772f6c5068a4a
SHA1

24821c9cc861f0b12c4f04605de151402e53ca10
SHA256

b3be432b94c5eff76f4ba0aab6352311df2eaa59c23ebc6c785e93b1a6a3879f
SHA512

07286c3f551c0f7dac1611804c9695c240e3286a525ad3d045fc430635969abac1b5b2e2e38f4502555154b0c2017daf8fc61a54e3381f638b5e0f10415c6c5c
SSDEEP

3072:KyaFlTkZp+QBuK77/wJbvA9HN4q8qQ2FOj6VglJt3KXV6CtS3nBFXEHev:KyaF+ZFuC7oJbvYWZ2FO1Jt3HbK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fd89699c456b78a2262772f6c5068a4a_JaffaCakes118

Files

fd89699c456b78a2262772f6c5068a4a_JaffaCakes118
.exe windows:5 windows x86 arch:x86

e7a67205f50199cab72d9871f66b874c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTempPathA
GetProcAddress
GetModuleHandleA
CopyFileA
LoadLibraryExA
FreeLibrary
DeleteFileA
GetPrivateProfileIntA
GetPrivateProfileStringA
WritePrivateProfileStringA
CreateFileA
WriteFile
CloseHandle
GetTempFileNameA
GetSystemTime
GetFileAttributesA
DeviceIoControl
SystemTimeToFileTime
GetCurrentProcessId
FreeLibraryAndExitThread
GetCurrentProcess
CreateFileW
GetFileSize
ReadFile
SetFilePointer
SetEndOfFile
GetModuleHandleW
CopyFileW
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
Sleep
DeleteFileW
ExitProcess
GetCommandLineA
CreateThread
GetSystemTimeAsFileTime
VirtualProtect
VirtualFree
GetLastError
GetVersionExA
MoveFileExW
GetTempFileNameW
GetTempPathW
GetModuleFileNameW
GetWindowsDirectoryW
VirtualAlloc

advapi32

QueryServiceStatusEx
StartServiceA
OpenSCManagerA
OpenServiceA
GetUserNameW
OpenProcessToken
RegCloseKey
RegSetValueExA
RegCreateKeyA
CloseServiceHandle

ntdll

RtlComputeCrc32
LdrAddRefDll
ZwImpersonateThread
ZwOpenThread
RtlEqualUnicodeString
ZwQueryInformationToken
wcsncpy
ZwOpenFile
ZwClose
ZwLoadDriver
strncat
ZwCreateEvent
RtlInitUnicodeString
_snwprintf
atoi
ZwTestAlert
RtlRandom
ZwRaiseHardError
RtlAdjustPrivilege
ZwQuerySystemInformation
sscanf
strncpy
_chkstk
memcpy
_snprintf
RtlImageNtHeader
ZwDeviceIoControlFile
memset

shlwapi

StrStrIW
SHDeleteKeyA
PathFileExistsW
StrStrIA
PathFileExistsA
PathAppendA
PathFindFileNameW
SHGetValueA
PathRemoveFileSpecA

imagehlp

CheckSumMappedFile

psapi

GetMappedFileNameW

rpcrt4

UuidCreateSequential

wininet

InternetCrackUrlA
InternetConnectA
HttpOpenRequestA
HttpSendRequestA
InternetQueryOptionA
InternetSetOptionA
InternetCloseHandle
InternetOpenA

shell32

ShellExecuteW

ole32

CoCreateInstance
CoInitialize
CoUninitialize

winspool.drv

DeletePrintProvidorW
AddPrintProvidorW

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.config
Size: 114KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e7a67205f50199cab72d9871f66b874c

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

ntdll

shlwapi

imagehlp

psapi

rpcrt4

wininet

shell32

ole32

winspool.drv

Sections

.text Size: 13KB - Virtual size: 13KB

.rdata Size: 7KB - Virtual size: 7KB

.data Size: 10KB - Virtual size: 9KB

.config Size: 114KB - Virtual size: 114KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 13KB - Virtual size: 13KB

.rdata
Size: 7KB - Virtual size: 7KB

.data
Size: 10KB - Virtual size: 9KB

.config
Size: 114KB - Virtual size: 114KB

.reloc
Size: 1KB - Virtual size: 1KB