b3b983a017eee5ea8dfe2fe52d7b11ac_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b3b983a017eee5ea8dfe2fe52d7b11ac_JaffaCakes118
Size

188KB
MD5

b3b983a017eee5ea8dfe2fe52d7b11ac
SHA1

b2e2bf29c6d057e550a726ec1528d2ef97d6b377
SHA256

16cb5e4105838049e4180f728658437013028ec57bf35329f947b1052803780f
SHA512

90e6e9066d870bce0b7a6b8b14ea94ab41358dd0442f5657dd301b3af9a6f3a1271788cd37dced472a1c21b1958adb8b133651fd005734bca3e001ef5d513052
SSDEEP

3072:KQhdle85D9tLdNvYADBRlWeXOBea98DzMSFQ2wiJggZOdvqfZTQGBCPOClscj9HB:ZhLea9tLd9QeX2eMxs2+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b3b983a017eee5ea8dfe2fe52d7b11ac_JaffaCakes118

Files

b3b983a017eee5ea8dfe2fe52d7b11ac_JaffaCakes118
.exe windows:5 windows x86 arch:x86

bd8bab6577ccbef15e3e3d2268ffa616

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

N:\Research\al-khaser-mainrepo\al-khaser\Release\al-khaser.pdb

Imports

kernel32

SetLastError
GetLastError
OutputDebugStringW
VerSetConditionMask
VerifyVersionInfoW
GetModuleHandleW
QueryInformationJobObject
OpenProcess
GetCurrentProcessId
SetHandleInformation
CreateMutexW
RaiseException
SetUnhandledExceptionFilter
GetBinaryTypeW
GetEnvironmentVariableW
GetWriteWatch
ResetWriteWatch
GlobalGetAtomNameW
HeapQueryInformation
ReadProcessMemory
DeviceIoControl
LocalAlloc
CreateFileW
GetDiskFreeSpaceExW
LocalFree
GlobalMemoryStatusEx
GetTickCount
EnumSystemFirmwareTables
ExpandEnvironmentStringsW
GetWindowsDirectoryW
WaitForSingleObject
ReadFile
GetConsoleScreenBufferInfo
Sleep
lstrlenW
GetStdHandle
MultiByteToWideChar
FormatMessageW
LocalSize
GetConsoleWindow
SetConsoleTitleW
GetSystemFirmwareTable
HeapFree
GetFileAttributesW
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
HeapAlloc
GetProcessHeap
CreateEventW
GetSystemInfo
DecodePointer
SetEndOfFile
WriteConsoleW
HeapSize
SetFilePointerEx
ReadConsoleW
GetConsoleMode
GetConsoleCP
FlushFileBuffers
GetStringTypeW
SetStdHandle
VirtualFree
VirtualProtect
IsDebuggerPresent
AddVectoredExceptionHandler
RemoveVectoredExceptionHandler
GetThreadContext
GetCurrentThread
VirtualAlloc
GetProcAddress
LoadLibraryW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
VirtualQuery
IsValidCodePage
FindNextFileA
FindFirstFileExA
FindClose
CloseHandle
CheckRemoteDebuggerPresent
SetConsoleTextAttribute
GetCurrentProcess
GetTimeZoneInformation
GetCPInfo
HeapReAlloc
GetFileType
LCMapStringW
CompareStringW
GetACP
GetCommandLineW
GetCommandLineA
GetModuleHandleExW
ExitProcess
GetModuleFileNameA
WriteFile
WideCharToMultiByte
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
LoadLibraryExW
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
UnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
TerminateProcess
EncodePointer
GetModuleFileNameW
RtlUnwind
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary

user32

GetSystemMetrics
KillTimer
GetShellWindow
GetWindowThreadProcessId
MessageBoxW
GetCursorPos
FindWindowW
TranslateMessage
MoveWindow
GetMessageW
DispatchMessageW
SetTimer

advapi32

OpenProcessToken
EnumServicesStatusExW
OpenSCManagerW
RegCloseKey
SystemFunction036
RegOpenKeyExW
RegQueryValueExW
GetTokenInformation

shell32

SHGetSpecialFolderPathW

ole32

CoCreateInstance
CoInitializeSecurity
CoInitializeEx
CoSetProxyBlanket
CoUninitialize

oleaut32

VariantClear
SafeArrayAccessData
SafeArrayGetElement
SafeArrayGetUBound
SafeArrayGetLBound

iphlpapi

IcmpSendEcho
GetAdaptersInfo
IcmpCreateFile

shlwapi

StrCmpW
StrStrIW
StrCmpIW
PathCombineW

psapi

GetProcessImageFileNameW

mpr

WNetGetProviderNameW

powrprof

GetPwrCapabilities

setupapi

SetupDiGetClassDevsW
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyW

winmm

timeKillEvent
timeGetDevCaps
timeSetEvent
timeEndPeriod

Sections

.text
Size: 124KB - Virtual size: 123KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 296B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bd8bab6577ccbef15e3e3d2268ffa616

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

iphlpapi

shlwapi

psapi

mpr

powrprof

setupapi

winmm

Sections

.text Size: 124KB - Virtual size: 123KB

.rdata Size: 51KB - Virtual size: 51KB

.data Size: 3KB - Virtual size: 5KB

.gfids Size: 512B - Virtual size: 296B

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 7KB - Virtual size: 7KB

.text
Size: 124KB - Virtual size: 123KB

.rdata
Size: 51KB - Virtual size: 51KB

.data
Size: 3KB - Virtual size: 5KB

.gfids
Size: 512B - Virtual size: 296B

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 7KB - Virtual size: 7KB