Static task: static1
Behavioral task: behavioral1
  Sample: 5c5321657bf323bd614655a938ae7fd6_JaffaCakes118.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 5c5321657bf323bd614655a938ae7fd6_JaffaCakes118.exe
  Resource: win10v2004-20240426-en

General
  Target: 5c5321657bf323bd614655a938ae7fd6_JaffaCakes118
  Size: 1.1MB
  MD5: 5c5321657bf323bd614655a938ae7fd6
  SHA1: ac9bd2d2213a53c0d45a106d4da3e9b07fd52322
  SHA256: 7e6f9da3e99c64700bdddabce9312763d390f940782b58d18ace726d483f33ac
  SHA512: cc159c6af7cc5c376f946ee8edcdef3bdcdc39aabfa00b98d06406ac1968a42fdd5258e5fa34cdbea3633aefdae7778c1292c0627af90420917b91471fb1c729
  SSDEEP: 24576:2+oeCq5XoLt7xWI6TJqhULQEXa8nCpKgpE0XiGfv5NNwBdVktHEhNMweQYrw:noIeLt7xWBTJqIQEK4Cs0Hiev5NOLVPf

Malware Config

Signatures
  Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
    resource: 5c5321657bf323bd614655a938ae7fd6_JaffaCakes118
  NSIS installer (1 IoCs)
    resource: sample, yara_rule: nsis_installer_2

Files
  5c5321657bf323bd614655a938ae7fd6_JaffaCakes118.exe  windows:4 windows x86 arch:x86
  cc627b667b06b61c62b1df14a48fab85
  Headers
    DLL Characteristics: IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
    File Characteristics: IMAGE_FILE_RELOCS_STRIPPED, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
  PDB Paths
    c:\Without\User.pdb
Imports
kernel32
LCMapStringW
LCMapStringA
CreateFileA
CompareStringA
HeapSize
RtlUnwind
SetFilePointer
VirtualQuery
VirtualProtect
VirtualAlloc
VirtualFree
HeapDestroy
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
SetEnvironmentVariableA
FlushFileBuffers
TlsGetValue
TlsSetValue
TlsAlloc
ReadFile
WriteFile
GetStartupInfoA
GetFileType
GetStdHandle
WideCharToMultiByte
HeapFree
CreateThread
ExitThread
GetFileAttributesA
EnterCriticalSection
ExitProcess
FindClose
GetStringTypeW
FindFirstFileA
GetExitCodeThread
FreeLibrary
GetCommandLineA
CreateProcessA
WaitForSingleObject
GetExitCodeProcess
QueryPerformanceFrequency
QueryPerformanceCounter
Sleep
MultiByteToWideChar
LeaveCriticalSection
IsDBCSLeadByteEx
InterlockedExchange
InitializeCriticalSection
DeleteCriticalSection
VerifyVersionInfoA
VerSetConditionMask
SetEvent
ResetEvent
ReadDirectoryChangesW
QueueUserWorkItem
GetVolumeInformationW
GetModuleHandleA
GetLogicalDrives
GetLastError
GetFileAttributesW
GetDriveTypeW
ExpandEnvironmentStringsW
CreateFileW
CloseHandle
DisableThreadLibraryCalls
SetEndOfFile
FileTimeToLocalFileTime
GetFullPathNameA
GetCurrentDirectoryA
UnmapViewOfFile
CreateFileMappingA
GetFileAttributesExA
GetLongPathNameA
GetModuleFileNameA
MapViewOfFile
FindNextFileA
advapi32
RegOpenKeyExA
GetFileSecurityW
LookupAccountSidW
RegCloseKey
RegEnumKeyExW
RegEnumValueW
RegOpenKeyExW
RegQueryValueExA
RegQueryValueExW
RegEnumKeyA
shell32
SHFileOperationW
SHGetFileInfoW
msvcrt
strstr
strrchr
strncpy
strncmp
strlen
strtol
strchr
memmove
memchr
malloc
free
fflush
swscanf
wcscat
wcscpy
wcslen
fread
fwrite
getenv
gmtime
memcmp
atoi
fputc
localeconv
memset
perror
printf
putchar
puts
qsort
rand
realloc
rename
sprintf
sscanf
strcat
strcpy
strpbrk
time
_getch
atol
strcmp
shlwapi
AssocQueryKeyW
AssocQueryStringW
rpcrt4
RpcRaiseException
ws2_32
WSASend
WSASendTo
WSAStartup
WSAStringToAddressA
WSAWaitForMultipleEvents
accept
bind
connect
WSAEventSelect
getaddrinfo
getnameinfo
getpeername
getservbyname
getsockname
listen
recv
send
setsockopt
shutdown
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
WSAAddressToStringA
freeaddrinfo

Sections
  .text   Size: 96KB - Virtual size: 94KB    IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
  .rdata  Size: 56KB - Virtual size: 55KB    IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
  .data   Size: 84KB - Virtual size: 2.2MB   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
  .rsrc   Size: 8KB - Virtual size: 5KB      IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ