N:\700\tptp\alive2_18\Release\alive2.pdb
Static task: static1
Behavioral task: behavioral1 (Sample: 0a09d3f6bb64f57a5316c974ae1c3188_JaffaCakes118.exe, Resource: win7-20240221-en)
Behavioral task: behavioral2 (Sample: 0a09d3f6bb64f57a5316c974ae1c3188_JaffaCakes118.exe, Resource: win10v2004-20240419-en)
General
Target: 0a09d3f6bb64f57a5316c974ae1c3188_JaffaCakes118
Size: 1.3MB
MD5: 0a09d3f6bb64f57a5316c974ae1c3188
SHA1: 03cdba4a18136a04b8987a7b41b15c5fba47003c
SHA256: a51335e7f59c278c9fb72f8aea36b9cc494ace8d82a1e249c10fe39a6cf8319a
SHA512: d7c437d0eaf3e85c85a1d27b4187078a56c09bb27b86a39886880de1e7f734339b78a8aa43f15a2fd1b19047fd56131eeea8475b00040964e67607bf04188514
SSDEEP: 24576:XhqNL0/WyaL8IIYKLZcnaGKfpISJlSDpG5qfb+DGv03rhVhG7vZdnA:XM10/Wx+pjlSDpG5Y+DGvIGTZdnA
Malware Config
Signatures
- Unsigned PE (1 IoC): Checks for missing Authenticode signature. resource 0a09d3f6bb64f57a5316c974ae1c3188_JaffaCakes118
Files
-
0a09d3f6bb64f57a5316c974ae1c3188_JaffaCakes118.exe windows:5 windows x86 arch:x86
080ad60f47d941c6350a52cffab137d6
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
advapi32
OpenProcessToken
ConvertSidToStringSidA
RegSetValueExA
RegCreateKeyExW
RegQueryValueExA
RegQueryValueExW
RegQueryInfoKeyW
LookupAccountNameW
LookupPrivilegeValueW
RegDeleteValueW
RegOpenKeyExW
RegEnumKeyExW
AdjustTokenPrivileges
RegCloseKey
RegSetValueExW
ReportEventA
DeregisterEventSource
RegisterEventSourceA
shell32
SHGetFolderPathW
CommandLineToArgvW
ShellExecuteA
kernel32
ExitProcess
GetCommandLineW
CreateFileA
GetFileSize
CreateMutexW
FindFirstFileW
SetFilePointer
FreeLibrary
CreateProcessW
GetCurrentProcess
WaitForSingleObject
GetComputerNameW
ConnectNamedPipe
GetTickCount
CreateNamedPipeW
GetSystemTimeAsFileTime
WriteFile
OpenProcess
WideCharToMultiByte
LoadLibraryW
Sleep
GetVersionExW
GetExitCodeProcess
CreateProcessA
TerminateProcess
ReadFile
GetModuleFileNameW
CreateFileW
ExitThread
MultiByteToWideChar
lstrlenW
GetLastError
GetCurrentDirectoryW
SetLastError
GetProcAddress
FindClose
LoadLibraryA
Process32FirstW
IsWow64Process
Process32NextW
CreateToolhelp32Snapshot
ReleaseMutex
CloseHandle
DeleteFileW
GetCurrentProcessId
LocalFree
DeleteFileA
CreateThread
CreateDirectoryW
GetFileAttributesW
GetFileInformationByHandle
GetFileType
SetEndOfFile
SetFileAttributesW
SetFileTime
DeviceIoControl
HeapSize
IsValidCodePage
GetACP
GetOEMCP
GetFileAttributesA
GetFullPathNameW
PeekNamedPipe
HeapAlloc
HeapFree
GetProcessHeap
GetStdHandle
SearchPathA
DuplicateHandle
SetHandleInformation
CreatePipe
GetCurrentThreadId
GetVersion
GetModuleHandleA
QueryPerformanceCounter
GlobalMemoryStatus
FlushConsoleInputBuffer
SetEnvironmentVariableA
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
TryEnterCriticalSection
LeaveCriticalSection
SwitchToThread
HeapDestroy
HeapReAlloc
HeapCreate
LocalAlloc
GetSystemDirectoryW
GetModuleHandleW
LoadLibraryExW
OutputDebugStringW
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetStartupInfoW
GetConsoleCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
ReadConsoleW
FlushFileBuffers
InitializeCriticalSectionAndSpinCount
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlUnwind
RaiseException
SetConsoleMode
ReadConsoleInputA
GetConsoleMode
SetConsoleCtrlHandler
SetFilePointerEx
SetStdHandle
RemoveDirectoryW
AreFileApisANSI
GetModuleHandleExW
IsProcessorFeaturePresent
IsDebuggerPresent
GetCPInfo
GetStringTypeW
DecodePointer
EncodePointer
WriteConsoleW
user32
PostMessageW
EnumWindows
GetWindowThreadProcessId
GetProcessWindowStation
GetUserObjectInformationW
MessageBoxA
WaitForInputIdle
EnumDisplayDevicesW
psapi
GetProcessMemoryInfo
winhttp
WinHttpReceiveResponse
WinHttpSetOption
WinHttpSendRequest
WinHttpConnect
WinHttpCloseHandle
WinHttpQueryHeaders
WinHttpQueryDataAvailable
WinHttpOpen
WinHttpOpenRequest
WinHttpReadData
bcrypt
BCryptOpenAlgorithmProvider
BCryptGetProperty
BCryptSetProperty
BCryptCloseAlgorithmProvider
BCryptGenerateSymmetricKey
BCryptEncrypt
BCryptDestroyKey
BCryptFinishHash
BCryptHashData
BCryptCreateHash
BCryptDeriveKeyPBKDF2
Exports
LZ4_attach_dictionary
LZ4_compress
LZ4_compressBound
LZ4_compress_continue
LZ4_compress_default
LZ4_compress_destSize
LZ4_compress_fast
LZ4_compress_fast_continue
LZ4_compress_fast_extState
LZ4_compress_fast_extState_fastReset
LZ4_compress_limitedOutput
LZ4_compress_limitedOutput_continue
LZ4_compress_limitedOutput_withState
LZ4_compress_withState
LZ4_create
LZ4_createStream
LZ4_createStreamDecode
LZ4_decoderRingBufferSize
LZ4_decompress_fast
LZ4_decompress_fast_continue
LZ4_decompress_fast_usingDict
LZ4_decompress_fast_withPrefix64k
LZ4_decompress_safe
LZ4_decompress_safe_continue
LZ4_decompress_safe_partial
LZ4_decompress_safe_usingDict
LZ4_decompress_safe_withPrefix64k
LZ4_freeStream
LZ4_freeStreamDecode
LZ4_loadDict
LZ4_resetStream
LZ4_resetStreamState
LZ4_resetStream_fast
LZ4_saveDict
LZ4_setStreamDecode
LZ4_sizeofState
LZ4_sizeofStreamState
LZ4_slideInputBuffer
LZ4_uncompress
LZ4_uncompress_unknownOutputSize
LZ4_versionNumber
LZ4_versionString
NvOptimusEnablementCuda
Sections
.text Size: 1001KB - Virtual size: 1001KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 265KB - Virtual size: 264KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 14KB - Virtual size: 54KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 43KB - Virtual size: 43KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ