b4e92d223a4ded9d7e04ddd2ac5e82d1_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b4e92d223a4ded9d7e04ddd2ac5e82d1_JaffaCakes118
Size

63KB
MD5

b4e92d223a4ded9d7e04ddd2ac5e82d1
SHA1

889066ee17b7fce0716167baa33d3a9e61174731
SHA256

532f54b3e2b436cf4cce56d30153a7ab57cebe1e0d89004acd633e35a6aa2c51
SHA512

04a7551617902bd9ae27415b1ef3510606e3b1fae03339c0ed248488ed5f5b40b0fe24c6c3328a86e8291cc224b3e72b1d5906957d1782317494250794b4ce52
SSDEEP

1536:KGrapS29TFN0IHai973OETMYMPv/VMPu1:frapS29JN0IHai973O9YqKPu1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b4e92d223a4ded9d7e04ddd2ac5e82d1_JaffaCakes118

Files

b4e92d223a4ded9d7e04ddd2ac5e82d1_JaffaCakes118
.exe windows:5 windows x86 arch:x86

2c8d0faaba7100f6226c5829432da484

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetSystemInfo
GetPrivateProfileSectionNamesA
FindNextFileA
lstrcmpiW
GetModuleHandleA
GetCurrentDirectoryA
GetVersionExA
LocalFree
lstrcpyA
LocalAlloc
CreateFileA
GetFileSize
MapViewOfFile
UnmapViewOfFile
GetCurrentProcess
GetPrivateProfileStringA
ExpandEnvironmentStringsA
WriteFile
GetFileAttributesA
ReadFile
lstrcatA
CreateDirectoryA
CreateFileMappingA
GetTempPathA
DeleteFileA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
FindClose
FindFirstFileA
SetCurrentDirectoryA
lstrlenW
lstrcmpW
WideCharToMultiByte
GetPrivateProfileIntA
GetWindowsDirectoryA
GetProcAddress
GetLocaleInfoA
lstrcmpA
CloseHandle
lstrcmpiA
LCMapStringA
GlobalUnlock
Sleep
GlobalLock
lstrlenA
ExitProcess
LoadLibraryA
GetTickCount
RtlUnwind

user32

FindWindowExA
SendMessageA
SendMessageW
wsprintfA
GetClassNameA

advapi32

CredEnumerateA
FreeSid
AllocateAndInitializeSid
RegOpenKeyExA
LookupPrivilegeValueA
RegCreateKeyA
RegQueryValueExA
RegSetValueExA
IsTextUnicode
OpenProcessToken
RegCloseKey
RegOpenKeyA
RegEnumKeyExA
CredFree
LogonUserA
GetUserNameA
RevertToSelf
ImpersonateLoggedOnUser
AdjustTokenPrivileges
CheckTokenMembership

shell32

SHGetFolderPathA

ole32

OleInitialize
GetHGlobalFromStream
CreateStreamOnHGlobal
CoCreateGuid
CoTaskMemFree
CoCreateInstance

ws2_32

setsockopt
send
socket
closesocket
gethostbyname
connect
htons
WSAStartup
inet_addr
recv
select

shlwapi

StrRChrIA
StrCmpNIA
StrStrA
StrStrIW
StrToIntA
StrStrIA

wininet

InternetCrackUrlA
InternetCreateUrlA

urlmon

ObtainUserAgentString

netapi32

NetApiBufferFree
NetUserEnum

userenv

UnloadUserProfile
LoadUserProfileA

Sections

.text
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2c8d0faaba7100f6226c5829432da484

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

ws2_32

shlwapi

wininet

urlmon

netapi32

userenv

Sections

.text Size: 43KB - Virtual size: 43KB

.rdata Size: 12KB - Virtual size: 12KB

.data Size: 2KB - Virtual size: 3KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 43KB - Virtual size: 43KB

.rdata
Size: 12KB - Virtual size: 12KB

.data
Size: 2KB - Virtual size: 3KB

.reloc
Size: 3KB - Virtual size: 3KB