14f3458c6a1b8b1dd615db78f034a68b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

14f3458c6a1b8b1dd615db78f034a68b_JaffaCakes118
Size

243KB
MD5

14f3458c6a1b8b1dd615db78f034a68b
SHA1

9c7260f848faabfb23bf5203adcf197745d0704f
SHA256

710b107fc0000a4c2c29011ca2e3aa9bde27fd24ce3be65523577209c420cf3f
SHA512

cf7240ca4c798b97dfbd0fb013959d507db432dc7e732bd7e414d96641547c403ca247e1189a3bb936c9da892348403745e3b4d6f8ca863a341e2fff8d3aa0ec
SSDEEP

6144:S+RMHCR4RDqImJMkXS4QSN7Nbcpl0iEoA1RbsdQs:SyMiR4RDaNXfQSN7y/0iEosRbsdQs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
14f3458c6a1b8b1dd615db78f034a68b_JaffaCakes118

Files

14f3458c6a1b8b1dd615db78f034a68b_JaffaCakes118
.exe windows:5 windows x86 arch:x86

e3ed41b137007171404c51124af5ceba

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

StrRChrW
StrCmpW
StrStrA
PathFindFileNameW
PathMatchSpecW
StrDupW
StrStrIW
StrCpyNW
StrCpyW
StrCatW
StrCmpIW

psapi

GetProcessImageFileNameA

ntdll

_chkstk

userenv

GetProfilesDirectoryW
DestroyEnvironmentBlock
CreateEnvironmentBlock

ws2_32

gethostbyname
WSAStartup
inet_addr
socket
ntohs
closesocket
bind

winhttp

WinHttpSetTimeouts
WinHttpSendRequest
WinHttpSetOption
WinHttpOpenRequest
WinHttpReadData
WinHttpQueryHeaders
WinHttpQueryDataAvailable
WinHttpOpen
WinHttpCloseHandle
WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetProxyForUrl
WinHttpCrackUrl
WinHttpAddRequestHeaders
WinHttpReceiveResponse
WinHttpConnect

kernel32

HeapReAlloc
GetEnvironmentVariableA
TerminateThread
GetSystemInfo
SetEnvironmentVariableA
GlobalMemoryStatusEx
CreateEventA
WriteFile
RemoveDirectoryW
SetFileTime
SetEndOfFile
LocalAlloc
DeleteFileW
GetFileSize
SystemTimeToFileTime
GetSystemTime
GlobalFree
IsBadReadPtr
VirtualProtectEx
GetExitCodeThread
FlushFileBuffers
HeapFree
VirtualFree
GetCurrentProcess
lstrlenW
VirtualAlloc
TerminateProcess
lstrlenA
OpenProcess
MultiByteToWideChar
GetLastError
LoadLibraryA
CloseHandle
HeapAlloc
GetProcAddress
GetProcessHeap
VirtualProtect
ExpandEnvironmentStringsW
WaitForMultipleObjects
DeleteAtom
WaitForSingleObject
ExitThread
GetModuleHandleA
ProcessIdToSessionId
Sleep
CreateThread
FindAtomW
GetCurrentProcessId
CreateProcessW
FreeLibrary
GetExitCodeProcess
GetShortPathNameW
LocalFree
OutputDebugStringA
SetEvent
lstrcpyA
GetCommandLineW
GetModuleFileNameW
SetErrorMode
CreateMutexW
GetVersion
ExitProcess
OpenMutexW
GetComputerNameW
GetModuleHandleW
WideCharToMultiByte
lstrcpyW
GetTickCount
GetComputerNameA
ReadFile
SetEnvironmentVariableW
CreateFileW
GetSystemDirectoryW
SetProcessPriorityBoost
SetPriorityClass
SetThreadPriority
GetEnvironmentVariableW
GetCurrentThread
lstrcatW
GlobalAlloc
WriteProcessMemory
SetFilePointer
VirtualAllocEx
CreateRemoteThread
lstrcmpiA
lstrcmpA
FindFirstFileW
FindNextFileW
FindClose
GetFileAttributesW
lstrcmpW
GetFileTime

user32

ExitWindowsEx
wsprintfA
wsprintfW
GetForegroundWindow

advapi32

AddAce
LookupAccountSidW
DuplicateTokenEx
GetLengthSid
CreateProcessAsUserW
FreeSid
OpenProcessToken
RegSetValueExA
AllocateAndInitializeSid
SetTokenInformation
RegOpenKeyA
RegCloseKey
ConvertStringSecurityDescriptorToSecurityDescriptorA
RegOpenKeyExA
CheckTokenMembership
CreateWellKnownSid
GetSidSubAuthority
GetSidSubAuthorityCount
RegQueryValueExA
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
ConvertSidToStringSidW
LookupPrivilegeValueA
AdjustTokenPrivileges
GetUserNameA
RegCreateKeyA
RegOpenKeyW
GetSecurityDescriptorDacl
RegGetKeySecurity
GetAclInformation
GetAce
RegCreateKeyExW
RegSetKeySecurity
GetTokenInformation
InitializeAcl
RegDeleteValueW
SetSecurityDescriptorDacl
SetFileSecurityW
SetEntriesInAclW
InitializeSecurityDescriptor
GetUserNameW

shell32

SHChangeNotify
ShellExecuteExW

ole32

CoTaskMemFree
CoCreateInstance
CoUninitialize
CoInitialize
CoInitializeEx

Sections

.text
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 43KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e3ed41b137007171404c51124af5ceba

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

psapi

ntdll

userenv

ws2_32

winhttp

kernel32

user32

advapi32

shell32

ole32

Sections

.text Size: 59KB - Virtual size: 59KB

.rdata Size: 7KB - Virtual size: 7KB

.data Size: 43KB - Virtual size: 44KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 59KB - Virtual size: 59KB

.rdata
Size: 7KB - Virtual size: 7KB

.data
Size: 43KB - Virtual size: 44KB

.reloc
Size: 3KB - Virtual size: 3KB