Static task: static1
Behavioral task: behavioral1
  Sample: 07000ca19e1bf28e37687ee1b0f89feb_JaffaCakes118.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 07000ca19e1bf28e37687ee1b0f89feb_JaffaCakes118.exe
  Resource: win10v2004-20240611-en
General
Target: 07000ca19e1bf28e37687ee1b0f89feb_JaffaCakes118
Size: 106KB
MD5: 07000ca19e1bf28e37687ee1b0f89feb
SHA1: b0f7609f32ec4b7464bab544cfba79e34aeaff06
SHA256: 651d2228c40286e30dad803c557839efc306b1ffbe6358ea1f5d0c511a832369
SHA512: 01620aeeaab054e5bc499254a82a68969472c71a5d852d31556e7568fbedf00c5e9bbaacffb576dcb12714b926141ec53c50045bec13fdb4020971ccc5d239ac
SSDEEP: 3072:7bcFYWcmffmB2iLlZbXQ3Qf/CwVk7ewdR:HcuV243QgfFk75dR
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 07000ca19e1bf28e37687ee1b0f89feb_JaffaCakes118
Files
07000ca19e1bf28e37687ee1b0f89feb_JaffaCakes118.exe windows:5 windows x86 arch:x86
a79b9ae1035e914f8d9fdd43a0edbc3e
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetTickCount
GlobalUnlock
GetLastError
SetLastError
ResetEvent
GetSystemTime
GetCurrentThread
SetThreadPriority
GetLocalTime
CreateThread
ExpandEnvironmentStringsW
MoveFileExW
GetUserDefaultUILanguage
LoadLibraryA
GetEnvironmentVariableW
FileTimeToDosDateTime
GetTempFileNameW
HeapReAlloc
CreateMutexW
FindFirstFileW
SetEndOfFile
CreateProcessW
HeapAlloc
SystemTimeToFileTime
SetFilePointerEx
HeapFree
GetProcessHeap
IsBadReadPtr
SetFileTime
VirtualQueryEx
OpenProcess
GlobalLock
WideCharToMultiByte
ReadProcessMemory
HeapDestroy
HeapCreate
Thread32Next
ReadFile
GetTimeZoneInformation
MultiByteToWideChar
GetTempPathW
GetFileSizeEx
OpenMutexW
VirtualProtectEx
VirtualAllocEx
FindClose
RemoveDirectoryW
FindNextFileW
VirtualProtect
CreateToolhelp32Snapshot
GetFileTime
ReleaseMutex
FileTimeToLocalFileTime
GetVolumeNameForVolumeMountPointW
DeleteFileW
GetFileInformationByHandle
CreateRemoteThread
Process32FirstW
Process32NextW
GetPrivateProfileIntW
FlushFileBuffers
WriteFile
GetPrivateProfileStringW
GetNativeSystemInfo
SetFileAttributesW
WTSGetActiveConsoleSessionId
lstrcmpiA
CreateFileW
GetFileAttributesW
LoadLibraryW
FreeLibrary
CreateDirectoryW
GetProcessId
VirtualAlloc
SetThreadContext
GetThreadContext
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
WriteProcessMemory
LocalFree
GetCurrentProcessId
CloseHandle
DuplicateHandle
OpenEventW
GetFileAttributesExW
lstrcmpiW
WaitForMultipleObjects
CreateEventW
GetProcAddress
ExitProcess
GetModuleFileNameW
GetVersionExW
Sleep
VirtualFreeEx
VirtualFree
GetModuleHandleW
SetEvent
GetComputerNameW
WaitForSingleObject
SetErrorMode
GetCommandLineW
Thread32First
user32
CharUpperW
PeekMessageW
MsgWaitForMultipleObjects
LoadImageW
DispatchMessageW
DrawIcon
GetIconInfo
CharLowerBuffA
CharLowerA
ExitWindowsEx
CharToOemW
ToUnicode
GetClipboardData
GetKeyboardState
TranslateMessage
CharLowerW
GetCursorPos
advapi32
RegOpenKeyExW
CryptReleaseContext
RegCreateKeyExW
GetTokenInformation
GetSidSubAuthorityCount
OpenThreadToken
CryptAcquireContextW
GetSidSubAuthority
OpenProcessToken
CryptGetHashParam
RegCloseKey
RegEnumKeyExW
ConvertSidToStringSidW
EqualSid
GetLengthSid
IsWellKnownSid
CreateProcessAsUserW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetNamedSecurityInfoW
LookupPrivilegeValueW
CryptCreateHash
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorSacl
SetSecurityDescriptorSacl
CryptDestroyHash
AdjustTokenPrivileges
RegSetValueExW
CryptHashData
InitiateSystemShutdownExW
RegQueryValueExW
shlwapi
PathRemoveFileSpecW
StrCmpNIW
PathQuoteSpacesW
StrStrIA
StrStrIW
UrlUnescapeA
wvnsprintfW
PathRemoveBackslashW
PathFindFileNameW
PathAddBackslashW
SHDeleteValueW
PathSkipRootW
SHDeleteKeyW
PathRenameExtensionW
PathAddExtensionW
PathUnquoteSpacesW
PathMatchSpecW
PathCombineW
wvnsprintfA
PathIsURLW
PathIsDirectoryW
StrCmpNIA
shell32
CommandLineToArgvW
ShellExecuteW
SHGetFolderPathW
secur32
GetUserNameExW
ole32
CoUninitialize
CoCreateInstance
CLSIDFromString
StringFromGUID2
CoInitializeEx
ws2_32
accept
getsockname
WSASend
WSAEventSelect
freeaddrinfo
recv
sendto
WSAIoctl
connect
WSAAddressToStringW
WSAStartup
WSAGetLastError
shutdown
setsockopt
bind
socket
WSASetLastError
listen
recvfrom
getaddrinfo
getpeername
closesocket
send
select
crypt32
PFXExportCertStoreEx
CertCloseStore
CertDeleteCertificateFromStore
CertOpenSystemStoreW
PFXImportCertStore
CertEnumCertificatesInStore
CertDuplicateCertificateContext
wininet
InternetQueryOptionA
InternetSetOptionA
InternetQueryOptionW
InternetOpenA
HttpOpenRequestA
InternetCrackUrlA
InternetConnectA
InternetCloseHandle
HttpSendRequestA
HttpAddRequestHeadersA
HttpAddRequestHeadersW
InternetSetStatusCallbackW
GetUrlCacheEntryInfoW
HttpSendRequestW
InternetReadFile
InternetReadFileExA
InternetQueryDataAvailable
HttpSendRequestExW
HttpQueryInfoA
HttpSendRequestExA
oleaut32
SysFreeString
VariantClear
VariantInit
SysAllocString
netapi32
NetUserEnum
NetApiBufferFree
NetUserGetInfo
Sections
.text Size: 100KB - Virtual size: 104KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ