3e8b04d0daff109d1fed022b06739c78_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3e8b04d0daff109d1fed022b06739c78_JaffaCakes118
Size

55KB
MD5

3e8b04d0daff109d1fed022b06739c78
SHA1

d04b24eee133018f17bac6b44f2f72e38782902e
SHA256

9006eb7625db89236b64b9e366d4e5970eaad1ea830b1d39b4932e59f90702a1
SHA512

ea5f5470ae2e4b64beaeabc0d6b630f0935a54b04231ad0f550c878b0648c2951fc382716d587d52290bfe2f266d05c7b1d2684151dae6162b4761ecc0ad8547
SSDEEP

1536:rAaHmfjBSln8rL/3O30gCc9+azVosKN5ZC:rrmfja8P23lq5ZC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/1024-4f5b89def33d6957066ff83a03a27d89d48a0505

Files

3e8b04d0daff109d1fed022b06739c78_JaffaCakes118
.gz
1024-4f5b89def33d6957066ff83a03a27d89d48a0505
.exe windows:5 windows x64 arch:x64

69d70d0203fc2cecbb1116f8b90acde1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

exit
??1type_info@@UEAA@XZ
__wgetmainargs
__C_specific_handler
_vsnprintf
_exit
_cexit
??2@YAPEAX_K@Z
_time64
??_U@YAPEAX_K@Z
_vsnwprintf
srand
?terminate@@YAXXZ
__set_app_type
_fmode
_commode
__setusermatherr
_localtime64
??3@YAXPEAX@Z
memcpy
_itow
rand
tolower
_XcptFilter
_wtoi
_wcmdln
_initterm
_amsg_exit
_CxxThrowException
memset
wcsftime
??_V@YAXPEAX@Z
memcmp

kernel32

UnhandledExceptionFilter
RtlLookupFunctionEntry
RtlCaptureContext
GetCurrentProcess
WaitForSingleObject
WriteFile
GetVersionExW
GetModuleFileNameW
CloseHandle
GetVersion
SetFilePointer
ReadFile
CreateFileW
lstrcmpiW
GetCommandLineW
GetTempFileNameW
CreateProcessW
MoveFileExW
GetTickCount
InitializeCriticalSectionAndSpinCount
Sleep
CopyFileW
LeaveCriticalSection
GetFileAttributesW
lstrlenW
GetStartupInfoW
GetTempPathW
MoveFileW
EnterCriticalSection
SetCurrentDirectoryW
DeleteFileW
SetFileAttributesW
CreateThread
GetComputerNameW
lstrcmpW
GetFullPathNameW
FindFirstFileW
FindResourceW
FreeLibrary
LoadResource
GetModuleHandleW
SetFileTime
WideCharToMultiByte
LoadLibraryW
lstrcpynW
MultiByteToWideChar
GetLastError
GetProcAddress
FindClose
LockResource
GetSystemInfo
FindNextFileW
GetFileTime
LoadLibraryA
lstrcmpA
lstrlenA
CreateDirectoryW
SignalObjectAndWait
SetEvent
CreateRemoteThread
OpenProcess
VirtualFreeEx
ReadProcessMemory
TerminateProcess
VirtualProtectEx
VirtualAllocEx
ResetEvent
Process32FirstW
GetExitCodeThread
CreateEventW
Process32NextW
CreateToolhelp32Snapshot
DuplicateHandle
WriteProcessMemory
ResumeThread
lstrcpyW
CreateMutexW
LocalFree
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
RtlVirtualUnwind

advapi32

OpenProcessToken
GetTokenInformation
LookupAccountSidW
AllocateAndInitializeSid
FreeSid
ConvertStringSecurityDescriptorToSecurityDescriptorW
DuplicateTokenEx
CreateProcessAsUserW
EqualSid
CryptHashData
CryptDestroyHash
CryptDecrypt
CryptDestroyKey
CryptCreateHash
CryptImportKey
CryptReleaseContext
CryptSetKeyParam
CryptAcquireContextW
CryptGetHashParam
GetUserNameW

shell32

CommandLineToArgvW
SHGetFolderPathW

ole32

CoInitializeSecurity
CoUninitialize
CoCreateInstance
CoInitializeEx

oleaut32

SysAllocStringLen
SysFreeString
VariantInit
VariantClear
SysAllocString

crypt32

CryptBinaryToStringW
CryptStringToBinaryW

shlwapi

PathRemoveBackslashW
PathFindExtensionW
StrStrIW
PathRenameExtensionW
PathCombineW
PathAddBackslashW
PathFindFileNameW
PathRemoveFileSpecW

ntdll

NtQueryInformationProcess

winhttp

WinHttpOpen
WinHttpSetTimeouts
WinHttpSetOption
WinHttpSendRequest
WinHttpConnect
WinHttpCrackUrl
WinHttpReadData
WinHttpOpenRequest
WinHttpReceiveResponse
WinHttpQueryDataAvailable
WinHttpQueryHeaders
WinHttpCloseHandle

iphlpapi

GetAdaptersInfo

ws2_32

WSACleanup
getaddrinfo
WSAStartup
freeaddrinfo
gethostname

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

Sections

.text
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

69d70d0203fc2cecbb1116f8b90acde1

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

kernel32

advapi32

shell32

ole32

oleaut32

crypt32

shlwapi

ntdll

winhttp

iphlpapi

ws2_32

userenv

Sections

.text Size: 76KB - Virtual size: 76KB

.rdata Size: 28KB - Virtual size: 28KB

.data Size: 4KB - Virtual size: 4KB

.pdata Size: 8KB - Virtual size: 8KB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 76KB - Virtual size: 76KB

.rdata
Size: 28KB - Virtual size: 28KB

.data
Size: 4KB - Virtual size: 4KB

.pdata
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 4KB - Virtual size: 4KB