b312bf74756f22d2a2caa09d9deadeac_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b312bf74756f22d2a2caa09d9deadeac_JaffaCakes118
Size

2.3MB
MD5

b312bf74756f22d2a2caa09d9deadeac
SHA1

7615d8964b6ae6317048d609ad34eaa60bf2ab64
SHA256

dfc3be6e6829f7d095e17e7286cd6117ced6dceeb911dacbea33eb89d3046daf
SHA512

92b6bfdfbb090b2d1273bab3691b0da709d58a7d155b86c0a690660a73cff87a710334919d0aa38258caa5e9cc68ed465444b8684a73a1c0cf958ff03923a228
SSDEEP

49152:tO9JgAi2275QrtZSTltVd5XKD625FTmXBx599bosOSvAx:tQx8ltVMFTYn99bA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b312bf74756f22d2a2caa09d9deadeac_JaffaCakes118

Files

b312bf74756f22d2a2caa09d9deadeac_JaffaCakes118
.exe windows:5 windows x86 arch:x86

dbcbf980d745cbc5fa0e206df8061af6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileSize
GetTempPathW
ReadFile
FileTimeToLocalFileTime
FileTimeToSystemTime
SetEndOfFile
SetFilePointer
MultiByteToWideChar
GetCurrentProcessId
CreateProcessW
WaitForSingleObject
GetExitCodeProcess
GetCurrentDirectoryW
LoadLibraryW
GetProcAddress
GetCurrentProcess
QueryDosDeviceW
CreateToolhelp32Snapshot
Process32FirstW
OpenProcess
TerminateProcess
Process32NextW
GetStartupInfoW
GetEnvironmentStringsW
FreeEnvironmentStringsW
FreeLibrary
ResumeThread
GetVersion
GetVersionExW
GetSystemDirectoryW
GetDriveTypeW
SleepEx
GetFileInformationByHandle
LocalFileTimeToFileTime
SetFileTime
CreateEventW
ResetEvent
WaitForMultipleObjects
InterlockedDecrement
InterlockedIncrement
DuplicateHandle
FindFirstFileExW
RemoveDirectoryW
FindClose
FindNextFileW
FindFirstFileW
GetTempFileNameW
DeleteFileW
MoveFileExW
WriteFile
CreateFileW
GetUserDefaultUILanguage
FormatMessageA
ExpandEnvironmentStringsA
PeekNamedPipe
VerifyVersionInfoW
VerSetConditionMask
SetEnvironmentVariableA
ReadConsoleW
WriteConsoleW
SetStdHandle
SetFilePointerEx
GetOEMCP
GetACP
IsValidCodePage
GetConsoleMode
GetConsoleCP
FlushFileBuffers
QueryPerformanceCounter
lstrcpynW
CloseHandle
GetCurrentThreadId
GetLocalTime
EnterCriticalSection
SetLastError
InterlockedExchange
GetFileAttributesW
LeaveCriticalSection
WideCharToMultiByte
InitializeCriticalSection
OutputDebugStringW
SetEvent
InterlockedCompareExchange
CreateDirectoryW
UnmapViewOfFile
SetFileAttributesW
DecodePointer
SetDllDirectoryW
WritePrivateProfileStringW
FindResourceExW
FindResourceW
GetModuleHandleW
GetModuleFileNameW
GetTickCount
SizeofResource
LoadResource
LockResource
Sleep
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
RaiseException
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
GetFileType
GetStdHandle
GetTimeZoneInformation
AreFileApisANSI
GetModuleHandleExW
ExitProcess
GetLocaleInfoW
LCMapStringW
CompareStringW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
LoadLibraryExW
ExitThread
CreateThread
GetFullPathNameW
IsProcessorFeaturePresent
GetCommandLineW
GetSystemTimeAsFileTime
RtlUnwind
GetStringTypeW
EncodePointer
IsDebuggerPresent
HeapDestroy
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime

user32

DestroyWindow
SetTimer
KillTimer
LoadStringW
GetWindowLongW
SetWindowLongW
FindWindowA
SendMessageTimeoutW
SendMessageW
IsWindow
PostMessageW
DefWindowProcW
RegisterWindowMessageW
CreateWindowExW
CallWindowProcW
GetMessageW
TranslateMessage
PostQuitMessage
DispatchMessageW

advapi32

RegCreateKeyExW
CryptEncrypt
RegOpenKeyW
QueryServiceStatus
OpenServiceW
OpenSCManagerW
CloseServiceHandle
RegSetValueExW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
CryptGetHashParam
CryptAcquireContextW
CryptReleaseContext
CryptCreateHash
CryptDestroyHash
CryptHashData
CryptImportKey
CryptDestroyKey

shell32

SHChangeNotify
SHGetSpecialFolderPathW
ShellExecuteW
SHFileOperationW

ole32

CoUninitialize
CoInitializeEx
CoCreateInstance

oleaut32

SysFreeString
SysAllocString
VariantClear

shlwapi

PathAppendW
PathAddBackslashW
PathIsDirectoryW
PathFileExistsW
StrCmpNIW
wnsprintfW

iphlpapi

GetAdaptersInfo

wininet

InternetCloseHandle
InternetCrackUrlW
InternetSetStatusCallbackW
InternetReadFileExA
InternetOpenW
InternetConnectW
HttpSendRequestW
HttpAddRequestHeadersW
HttpOpenRequestW
HttpQueryInfoW

ws2_32

bind
connect
WSAGetLastError
ntohs
recvfrom
sendto
htons
socket
select
WSAStartup
setsockopt
ioctlsocket
recv
send
WSACleanup
getsockopt
closesocket
getsockname
getpeername
gethostname
WSAIoctl
__WSAFDIsSet
accept
listen
freeaddrinfo
getaddrinfo
WSASetLastError

wldap32

ord301
ord133
ord142
ord46
ord147
ord167
ord208
ord145
ord14
ord216
ord79
ord26
ord41
ord127
ord118
ord27

Sections

.text
Size: 476KB - Virtual size: 475KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 127KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dbcbf980d745cbc5fa0e206df8061af6

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

iphlpapi

wininet

ws2_32

wldap32

Sections

.text Size: 476KB - Virtual size: 475KB

.rdata Size: 127KB - Virtual size: 126KB

.data Size: 7KB - Virtual size: 17KB

.rsrc Size: 1.7MB - Virtual size: 1.7MB

.reloc Size: 19KB - Virtual size: 19KB

.text
Size: 476KB - Virtual size: 475KB

.rdata
Size: 127KB - Virtual size: 126KB

.data
Size: 7KB - Virtual size: 17KB

.rsrc
Size: 1.7MB - Virtual size: 1.7MB

.reloc
Size: 19KB - Virtual size: 19KB