5f3e4b2569fea55cc5d445d49d68ab23_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5f3e4b2569fea55cc5d445d49d68ab23_JaffaCakes118
Size

442KB
MD5

5f3e4b2569fea55cc5d445d49d68ab23
SHA1

252d2645af3eb99a7bcde3c8939a53c2eb9c5bae
SHA256

d7e9ac0f9e1824566980571745db256db267a63b1b8bf2164d1a5e79ef9c8a82
SHA512

6bce1e9675e3ca93c7d3eda4ecf63098f65573fff34913c36054277c779abc471acfb23359e4bab693bfa6d888a8c9ef19885dc9ac103bfa2142605fa5ac02ed
SSDEEP

12288:OipuHeSE5SCJe/tn0aHmmoSuwhBKKQ+VOHsJ5zDCM3Eaf:OiL1eaaHmJwhB9VOHsFb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5f3e4b2569fea55cc5d445d49d68ab23_JaffaCakes118

Files

5f3e4b2569fea55cc5d445d49d68ab23_JaffaCakes118
.exe windows:6 windows x86 arch:x86

382638564ce492b4c9e5ce105ffb6bee

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\__Rarog\Release\Rarog.pdb

Imports

kernel32

GetModuleFileNameW
OpenProcess
SetFileAttributesW
GetLogicalDriveStringsW
CreateToolhelp32Snapshot
CopyFileA
Process32NextW
DeleteFileA
Process32FirstW
LoadLibraryW
SetFileAttributesA
SetCurrentDirectoryW
GetProcAddress
RemoveDirectoryA
GetCurrentProcessId
FreeLibrary
TerminateProcess
CreateDirectoryA
GetDriveTypeW
GetCurrentProcess
GetSystemInfo
IsWow64Process
K32GetModuleFileNameExW
GetModuleHandleA
K32GetModuleBaseNameW
ReadProcessMemory
WideCharToMultiByte
K32EnumProcessModules
UnregisterWaitEx
QueryDepthSList
InterlockedPopEntrySList
ReleaseSemaphore
GetModuleFileNameA
CreateDirectoryW
CloseHandle
GetLastError
MultiByteToWideChar
CreateFileW
WriteFile
CreateThread
CopyFileW
Sleep
VirtualFree
VirtualProtect
VirtualAlloc
GetVersionExW
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
SwitchToThread
SignalObjectAndWait
CreateTimerQueue
SetEndOfFile
HeapSize
ReadConsoleW
SetStdHandle
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
TryEnterCriticalSection
DuplicateHandle
GetCurrentThread
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetTickCount
EncodePointer
DecodePointer
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
LocalFree
RtlUnwind
LoadLibraryExW
RaiseException
InterlockedPushEntrySList
InterlockedFlushSList
ExitProcess
GetModuleHandleExW
GetStdHandle
GetFileType
WriteConsoleW
GetACP
HeapAlloc
HeapFree
ExitThread
FreeLibraryAndExitThread
HeapReAlloc
FlushFileBuffers
GetConsoleCP
GetConsoleMode
OutputDebugStringW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
ReadFile
SetFilePointerEx
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCommandLineA
GetCommandLineW

user32

GetForegroundWindow
GetWindowTextA
EnumDisplayDevicesW
MessageBoxW

advapi32

RegCloseKey
RegSetValueExA
RegOpenKeyExW
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetKernelObjectSecurity
GetCurrentHwProfileW
RegOpenKeyExA
RegDeleteValueA

shell32

SHFileOperationW
ShellExecuteW

ole32

CoInitializeSecurity
CoSetProxyBlanket
CoCreateInstance
CoInitializeEx
CoUninitialize

oleaut32

SysFreeString
VariantClear
SysAllocString

ws2_32

socket
closesocket
gethostbyname
WSAStartup
send
htons
connect

winhttp

WinHttpConnect
WinHttpReadData
WinHttpSendRequest
WinHttpCloseHandle
WinHttpQueryDataAvailable
WinHttpReceiveResponse
WinHttpOpenRequest
WinHttpOpen

Sections

.text
Size: 320KB - Virtual size: 319KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 94KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

382638564ce492b4c9e5ce105ffb6bee

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

ws2_32

winhttp

Sections

.text Size: 320KB - Virtual size: 319KB

.rdata Size: 94KB - Virtual size: 93KB

.data Size: 9KB - Virtual size: 13KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 18KB - Virtual size: 17KB

.text
Size: 320KB - Virtual size: 319KB

.rdata
Size: 94KB - Virtual size: 93KB

.data
Size: 9KB - Virtual size: 13KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 18KB - Virtual size: 17KB