Static task: static1
Behavioral task: behavioral1
  Sample: a1368e8f27371d11c4b96390332708bb_JaffaCakes118.exe
  Resource: win7-20240220-en
Behavioral task: behavioral2
  Sample: a1368e8f27371d11c4b96390332708bb_JaffaCakes118.exe
  Resource: win10v2004-20240508-en
General
Target: a1368e8f27371d11c4b96390332708bb_JaffaCakes118
Size: 89KB
MD5: a1368e8f27371d11c4b96390332708bb
SHA1: 60ab302ba104963bdc3c4720e6fc60cbc890a816
SHA256: 3f297750eec5c27bef09ebebc27bf3773c6eaa8cb9310782bee37637f3cf98e0
SHA512: 1d64936fdbd7a7fe563267dc0ef71598f40a48a6bdb0e757b96d3a3ddea73a5d40b90f05b62d93ace60b14a75ebabaa296fb5327be4e4d2c02f930b249333b57
SSDEEP: 1536:x0B3t0KkhodqWUpJ6pPMxTl4YKRPWTpDqr7/dgEOTvezWlurdM7eH/1C8YZf+lUz:xA5k6qWFvYKRPWagEOTveycrjH/1hKiE
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource: a1368e8f27371d11c4b96390332708bb_JaffaCakes118
Files
a1368e8f27371d11c4b96390332708bb_JaffaCakes118.exe windows:5 windows x86 arch:x86
7820410a776571d1b18ff13f1c700b38
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
HeapFree
GetProcessHeap
GetModuleHandleA
GetEnvironmentVariableW
CreateProcessW
TerminateProcess
Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
CreateMutexW
SetThreadExecutionState
MulDiv
ExitThread
InterlockedExchange
InterlockedExchangeAdd
ReleaseMutex
WideCharToMultiByte
MultiByteToWideChar
SetLastError
SystemTimeToFileTime
GetSystemTime
GetVolumeNameForVolumeMountPointW
GetDriveTypeW
FreeLibrary
GetLogicalDrives
LoadLibraryW
GetCommandLineW
GetFileSize
WaitForSingleObject
GetComputerNameW
GetModuleHandleW
IsBadReadPtr
GetGeoInfoW
GetUserGeoID
GetVersionExW
HeapAlloc
HeapReAlloc
CreateThread
DuplicateHandle
DeleteCriticalSection
QueryDosDeviceW
ResetEvent
EnterCriticalSection
LeaveCriticalSection
TerminateThread
OpenProcess
InitializeCriticalSection
GetLogicalDriveStringsW
GetCurrentProcess
FindNextFileW
lstrcmpiW
RemoveDirectoryW
GetTempPathW
GetCurrentThread
FindFirstFileW
GetFileInformationByHandle
DeleteFileW
WaitForMultipleObjects
CreateFileMappingW
FindClose
MoveFileW
VirtualAlloc
GetFileSizeEx
GetOverlappedResult
VirtualFree
FlushViewOfFile
SetFilePointerEx
SetEndOfFile
UnmapViewOfFile
MapViewOfFile
GetTickCount
GetLastError
GetFileAttributesW
WriteFile
SetEvent
CreateDirectoryW
Sleep
GetVolumeInformationW
SetFileAttributesW
LocalFree
GetCurrentProcessId
ReadFile
GetModuleFileNameW
CreateFileW
GetProcAddress
CreateEventW
GetSystemInfo
GetUserDefaultUILanguage
CloseHandle
GetWindowsDirectoryW
ExitProcess
user32
CharToOemW
SystemParametersInfoW
SetRect
GetDC
DrawTextW
CharUpperW
GetSystemMetrics
ReleaseDC
advapi32
CryptExportKey
GetLengthSid
CryptGetHashParam
CryptAcquireContextW
CryptSetKeyParam
CryptReleaseContext
CryptGenRandom
CryptImportKey
CryptEncrypt
CryptCreateHash
CryptGenKey
CryptDestroyKey
CryptDestroyHash
CryptHashData
OpenThreadToken
MapGenericMask
AccessCheck
SetSecurityDescriptorSacl
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegSetValueExW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW
AdjustTokenPrivileges
LookupPrivilegeValueW
GetTokenInformation
GetSidSubAuthorityCount
GetSidSubAuthority
OpenProcessToken
FreeSid
RevertToSelf
SetEntriesInAclW
AllocateAndInitializeSid
ImpersonateSelf
SetNamedSecurityInfoW
GetFileSecurityW
IsWellKnownSid
shlwapi
PathCombineW
PathRemoveFileSpecW
PathFindFileNameW
PathFindExtensionW
PathIsDirectoryW
PathUnquoteSpacesW
PathRemoveBackslashW
PathStripToRootW
PathAddExtensionW
PathAddBackslashW
wvnsprintfA
wvnsprintfW
SHDeleteValueW
PathFileExistsW
StrCmpNIW
PathAppendW
PathStripPathW
ole32
StringFromGUID2
CLSIDFromString
shell32
SHChangeNotify
SHGetFolderPathW
CommandLineToArgvW
ShellExecuteW
crypt32
CryptDecodeObjectEx
CryptStringToBinaryW
CryptBinaryToStringW
CryptEncodeObject
CryptExportPublicKeyInfo
wininet
InternetCrackUrlA
InternetCloseHandle
InternetSetOptionA
HttpQueryInfoA
InternetConnectA
InternetReadFile
HttpOpenRequestA
HttpSendRequestA
InternetOpenA
InternetQueryOptionA
psapi
GetMappedFileNameW
mpr
WNetCloseEnum
WNetOpenEnumW
WNetCancelConnection2W
WNetAddConnection2W
WNetEnumResourceW
WNetGetConnectionW
netapi32
NetShareEnum
NetApiBufferFree
gdi32
GetDIBits
CreateFontW
CreateCompatibleBitmap
GetObjectW
SelectObject
DeleteObject
SetBkMode
GetDeviceCaps
DeleteDC
SetTextColor
BitBlt
CreateCompatibleDC
Sections
.text Size: 38KB - Virtual size: 38KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 10KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.ovi Size: 3KB - Virtual size: 63KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.win Size: 35KB - Virtual size: 63KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE