Static task: static1
Behavioral task: behavioral1
  Sample: a410188cf459e3beb5be623f1dc1ab75_JaffaCakes118.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: a410188cf459e3beb5be623f1dc1ab75_JaffaCakes118.exe
  Resource: win10v2004-20240611-en
General
- Target: a410188cf459e3beb5be623f1dc1ab75_JaffaCakes118
- Size: 517KB
- MD5: a410188cf459e3beb5be623f1dc1ab75
- SHA1: 85615da588fe978d82c6bc06e2b0d7db58a4f913
- SHA256: 509b7eacb051087d49d9357c354532cf1561f065f11d0c2b6bc24f53fb255e2e
- SHA512: a28a42ce5ecca6b6be0068083c7fba49c76050a0e6dd92b801a0fed281140679cf0b74353c3de2298dcb2e6bf906492d9ded6be080c7c3a81472d3ee0f0e9347
- SSDEEP: 12288:zVRm47ugq9QLXzNWVn4Fkl6BQ2yLhxPtIS4GudgBXllbXtdj:zVzzzjNO4FkUQ2yL7PtIdGudqlb9dj
Malware Config
Signatures
- Unsigned PE (1 IoC): checks for missing Authenticode signature.
  Processes: resource a410188cf459e3beb5be623f1dc1ab75_JaffaCakes118
Files
- a410188cf459e3beb5be623f1dc1ab75_JaffaCakes118.exe windows:5 windows x86 arch:x86
  09039f41fc88a3e991a6e3505504e428
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
WaitForSingleObject
MultiByteToWideChar
WideCharToMultiByte
GetLocaleInfoA
GetTempFileNameW
GetVolumeNameForVolumeMountPointA
GetWindowsDirectoryA
CreateProcessW
FindFirstFileW
GetCurrentProcess
FindClose
DeviceIoControl
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetLogicalDrives
GetDriveTypeW
GetVolumeInformationW
GetDiskFreeSpaceExW
FindNextFileW
CreateThread
LocalFree
CreateEventA
GetTempPathW
GetModuleFileNameW
ExitProcess
FindAtomA
GlobalFindAtomA
GlobalAddAtomA
AddAtomA
GetVersionExA
GetUserDefaultUILanguage
MulDiv
OpenMutexA
SetThreadPriority
GetCurrentThread
CopyFileW
GetUserDefaultLangID
GetSystemDefaultLangID
SetUnhandledExceptionFilter
SetErrorMode
CloseHandle
ReadFile
WriteFile
FlushFileBuffers
GetFileSizeEx
SetFilePointer
SetFileTime
CreateFileW
DeleteFileW
MoveFileExW
GetSystemTimeAsFileTime
lstrlenA
LoadLibraryW
HeapReAlloc
GetCurrentProcessId
QueryPerformanceCounter
GetFileType
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
VirtualQuery
GetStringTypeW
LCMapStringW
SetFileAttributesW
GetFileAttributesExW
FreeLibrary
LoadLibraryA
InterlockedDecrement
Sleep
GetTickCount
GetLastError
GetSystemDirectoryW
VirtualFree
GetProcAddress
GetModuleHandleA
VirtualAlloc
HeapCreate
GetStdHandle
TerminateProcess
IsDebuggerPresent
UnhandledExceptionFilter
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
HeapSize
GetCurrentThreadId
SetLastError
GetModuleHandleW
InterlockedIncrement
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsProcessorFeaturePresent
GetStartupInfoW
HeapSetInformation
GetCommandLineA
HeapFree
HeapAlloc
RaiseException
RtlUnwind
advapi32
CryptEncrypt
CryptGenRandom
CryptReleaseContext
AllocateAndInitializeSid
SetEntriesInAclA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
FreeSid
CryptImportKey
CryptAcquireContextA
RegDeleteValueA
RegSetValueExW
RegSetValueExA
AccessCheck
MapGenericMask
DuplicateToken
OpenThreadToken
GetFileSecurityW
CryptGetKeyParam
CryptSetHashParam
CryptCreateHash
CryptDestroyHash
CryptGetHashParam
CryptHashData
SetTokenInformation
OpenProcessToken
EqualSid
GetTokenInformation
RegCloseKey
RegOpenKeyExA
CryptDestroyKey
mpr
WNetCloseEnum
WNetAddConnection2W
WNetOpenEnumW
WNetEnumResourceW
shell32
ShellExecuteW
SHGetFolderPathW
wininet
InternetCrackUrlA
InternetCloseHandle
InternetSetOptionA
InternetQueryOptionA
InternetOpenA
InternetConnectA
HttpOpenRequestA
HttpSendRequestA
HttpSendRequestExA
HttpEndRequestA
HttpQueryInfoA
InternetReadFile
InternetWriteFile
HttpAddRequestHeadersA
gdi32
SetBkMode
GetDeviceCaps
SetTextColor
GetDIBits
SelectObject
CreateCompatibleDC
DeleteDC
CreateFontA
CreateSolidBrush
GetObjectA
DeleteObject
CreateCompatibleBitmap
user32
GetDC
ReleaseDC
DrawTextW
FillRect
GetSystemMetrics
SystemParametersInfoW
FrameRect
ole32
CoUninitialize
CoCreateInstance
CoInitializeSecurity
CoInitializeEx
netapi32
DsRoleGetPrimaryDomainInformation
DsRoleFreeMemory
urlmon
ObtainUserAgentString
oleaut32
VariantInit
SysFreeString
SysStringByteLen
VariantClear
SysAllocString
SysAllocStringByteLen
Sections
.text Size: 473KB - Virtual size: 473KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 25KB - Virtual size: 25KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 10KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.cdata Size: 3KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ