Static task
static1

Behavioral task
behavioral1
Sample: 4a7b3ead2eff0b8dee43337a652084e5_JaffaCakes118.exe
Resource: win7-20231129-en

Behavioral task
behavioral2
Sample: 4a7b3ead2eff0b8dee43337a652084e5_JaffaCakes118.exe
Resource: win10v2004-20240426-en

General
Target: 4a7b3ead2eff0b8dee43337a652084e5_JaffaCakes118
Size: 592KB
MD5: 4a7b3ead2eff0b8dee43337a652084e5
SHA1: 2b84376b48be6ad503794faf4b135fb1e30ed77b
SHA256: 8e37833af9c07877aa9a0fb9f1fe82f0fc0187d8ac4457714b12d2fb1204c384
SHA512: 63117cfad42b9b092d0bee06fe82724e352b24ca71f2f2ca77880c2d4afa8f02ae1ad58e22c4ae768c8011a88f69eac93a8426525d6d4fb9afc2f3155a202a64
SSDEEP: 12288:NdBLseuOU7ddZgwqZyt7W9OzNsX14TROvO9Y9xsKeTGwM1YEMwAwIynigkd6R/aj:Ndadd2Po9FaPPIP6Baf5ZmNd

Malware Config

Signatures
Unsigned PE - 1 IoC
Checks for missing Authenticode signature.
resource 4a7b3ead2eff0b8dee43337a652084e5_JaffaCakes118

Files
4a7b3ead2eff0b8dee43337a652084e5_JaffaCakes118.exe windows:5 windows x86 arch:x86
ecf8de545f9965c530e4bd7fbc175a94

Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
C:\Users\yura\Desktop\al-khaser-master\Release\al-khaser.pdb
Imports
kernel32
CreateMutexW
SetHandleInformation
CreateEventW
SetEvent
CreateThread
SwitchToThread
WaitForSingleObject
SetUnhandledExceptionFilter
RaiseException
GetWriteWatch
GlobalGetAtomNameW
GetEnvironmentVariableW
GetBinaryTypeW
HeapQueryInformation
ReadProcessMemory
ResetWriteWatch
GetModuleHandleW
GetSystemWindowsDirectoryW
CreateFileW
DeviceIoControl
LocalFree
LocalAlloc
GlobalMemoryStatusEx
GetDiskFreeSpaceExW
GetWindowsDirectoryW
ExpandEnvironmentStringsW
GetFullPathNameW
ReadFile
GetModuleHandleA
LoadLibraryA
GetStdHandle
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
SetConsoleTitleW
GetConsoleWindow
FormatMessageW
lstrlenW
LocalSize
MultiByteToWideChar
GetFileAttributesW
HeapAlloc
GetProcessHeap
HeapFree
CreateToolhelp32Snapshot
Process32FirstW
HeapSize
SetEndOfFile
WriteConsoleW
SetEnvironmentVariableA
FreeEnvironmentStringsW
OutputDebugStringW
GetCommandLineW
GetCommandLineA
FindNextFileW
GetModuleHandleExW
FindFirstFileExW
SetLastError
Sleep
VerSetConditionMask
VerifyVersionInfoW
LoadLibraryW
GetProcAddress
VirtualFree
VirtualProtect
GetSystemInfo
IsDebuggerPresent
FindClose
GetCurrentDirectoryW
SetStdHandle
FlushFileBuffers
GetTimeZoneInformation
HeapReAlloc
GetOEMCP
IsValidCodePage
GetCPInfo
GetStringTypeW
LCMapStringW
CompareStringW
GetConsoleCP
ReadConsoleW
GetConsoleMode
GetCurrentProcessId
Process32NextW
VirtualQuery
WriteFile
GetModuleFileNameW
ExitProcess
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
SetFilePointerEx
FreeLibraryAndExitThread
ExitThread
DecodePointer
GetACP
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
RtlUnwind
InitializeSListHead
GetCurrentThreadId
QueryPerformanceCounter
GetStartupInfoW
IsProcessorFeaturePresent
TerminateProcess
UnhandledExceptionFilter
WideCharToMultiByte
ExpandEnvironmentStringsA
WaitForMultipleObjects
PeekNamedPipe
GetFileType
WaitForSingleObjectEx
FormatMessageA
VerifyVersionInfoA
GetSystemDirectoryA
SleepEx
DeleteCriticalSection
RemoveVectoredExceptionHandler
AddVectoredExceptionHandler
GetCurrentThread
GetThreadContext
VirtualAlloc
CloseHandle
GetCurrentProcess
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
GetTickCount64
FreeLibrary
GetLastError
CheckRemoteDebuggerPresent
GetEnvironmentStringsW
GetSystemTimeAsFileTime
user32
MoveWindow
wsprintfW
FindWindowW
advapi32
CryptDestroyKey
CryptEncrypt
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptGenRandom
CryptReleaseContext
CryptAcquireContextA
GetTokenInformation
OpenProcessToken
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
EnumServicesStatusExW
OpenSCManagerW
CryptImportKey
shell32
SHGetSpecialFolderPathW
ole32
CoInitializeSecurity
CoCreateInstance
CoSetProxyBlanket
CoUninitialize
CoInitializeEx
oleaut32
SafeArrayAccessData
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayGetElement
VariantClear
shlwapi
PathGetDriveNumberW
PathBuildRootW
wnsprintfW
StrStrIW
StrCmpIW
PathCombineW
mpr
WNetGetProviderNameW
iphlpapi
GetAdaptersInfo
psapi
GetModuleInformation
setupapi
SetupDiGetDeviceRegistryPropertyW
SetupDiGetClassDevsW
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
powrprof
GetPwrCapabilities
ws2_32
setsockopt
WSAIoctl
getaddrinfo
freeaddrinfo
accept
listen
recvfrom
sendto
ntohs
htons
ntohl
htonl
WSACleanup
WSAGetLastError
socket
__WSAFDIsSet
select
WSAStartup
getsockopt
getsockname
getpeername
connect
gethostname
ioctlsocket
closesocket
bind
send
recv
WSASetLastError
crypt32
CertFreeCertificateContext
wldap32
ord143
ord22
ord26
ord27
ord32
ord33
ord35
ord79
ord30
ord200
ord301
ord50
ord60
ord211
ord46
ord41
normaliz
IdnToAscii
Sections
.text Size: 379KB - Virtual size: 379KB - Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata Size: 92KB - Virtual size: 92KB - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data Size: 99KB - Virtual size: 103KB - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.gfids Size: 512B - Virtual size: 260B - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.tls Size: 512B - Virtual size: 2B - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 480B - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc Size: 18KB - Virtual size: 17KB - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ