0775a35e939a14a382b562c95845cb50_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0775a35e939a14a382b562c95845cb50_JaffaCakes118
Size

104KB
MD5

0775a35e939a14a382b562c95845cb50
SHA1

a3dfb5643c824ae0c3ba2b7f3efb266bfbf46b02
SHA256

0ce3bfa972ced61884ae7c1d77c7d4c45e17c7d767e669610cf2ef72b636b464
SHA512

05688926ecd0e5ab3767394a9751719de43454cae4dbb813697bc29200d20463461765e4f2661e91d0553a32ecad88e9f55cd1d28bf544d9f9b4151b345b448d
SSDEEP

1536:5wCKiKcgbtFF8d1eXyngejX81sc7/vyvigrqrii/y9QXON7dm5Jgw0:kSgF8reXynlj81GSiiKCON5m/F0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0775a35e939a14a382b562c95845cb50_JaffaCakes118

Files

0775a35e939a14a382b562c95845cb50_JaffaCakes118
.exe windows:4 windows x86 arch:x86

8e8dfb0e07693fd438a71fa268322521

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateProcessA
GetSystemDirectoryA
GetTempFileNameA
GetVersionExA
WideCharToMultiByte
GetProcAddress
LoadLibraryA
lstrcpynA
GetPrivateProfileStringA
GetPrivateProfileSectionNamesA
MultiByteToWideChar
IsDebuggerPresent
lstrlenW
lstrcpyA
SetLastError
FreeLibrary
WinExec
OpenProcess
WriteFile
CreateFileA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetFileSize
FindClose
FindNextFileA
FindFirstFileA
ExpandEnvironmentStringsA
CreateThread
HeapCreate
HeapDestroy
HeapReAlloc
GetLastError
GetVolumeInformationA
GetWindowsDirectoryA
GetEnvironmentVariableA
GetCurrentProcess
ReadFile
DuplicateHandle
CreatePipe
GetStdHandle
GetTickCount
ExitProcess
CreateNamedPipeA
GetShortPathNameA
SetErrorMode
SetPriorityClass
OutputDebugStringA
GetCurrentThreadId
GetProcessHeap
HeapFree
SetFilePointer
MoveFileA
CompareStringA
lstrcmpiA
CompareStringW
GetProcessTimes
DeleteFileA
WaitForSingleObject
CreateToolhelp32Snapshot
CloseHandle
Thread32First
Thread32Next
lstrcatA
lstrcmpA
Sleep
GetFileAttributesA
GetFileTime
FileTimeToSystemTime
lstrlenA
GlobalFree
LocalFree
GetSystemInfo
GetLogicalDrives
GetDriveTypeA
GetDiskFreeSpaceA
GetSystemTime
GetComputerNameA
GlobalAlloc
GetACP
GetOEMCP
GetCurrentDirectoryA
GetTempPathA
GetModuleHandleA
HeapAlloc
GetModuleFileNameA

user32

EnumThreadWindows
ShowWindow
MessageBoxA
EnumDisplaySettingsA
GetSystemMetrics
wsprintfA
wvsprintfA
LockSetForegroundWindow
CharLowerBuffA
CharUpperBuffA
GetKeyboardLayoutNameA

advapi32

CryptHashData
CryptDecrypt
CryptDestroyKey
CryptDestroyHash
CryptReleaseContext
RegEnumValueW
RegQueryValueExW
RegEnumValueA
RegOpenKeyExA
RegQueryInfoKeyA
RegEnumKeyExA
RegOpenKeyA
RegEnumKeyA
RegQueryValueExA
RegCloseKey
GetUserNameA
CryptCreateHash
CryptAcquireContextA
OpenProcessToken
RegSetValueExA
RegCreateKeyA
RegDeleteValueA
AdjustTokenPrivileges
LookupPrivilegeValueA
CryptGenRandom
CryptDeriveKey

oleaut32

SysAllocString
SafeArrayPutElement
SafeArrayCreate
VariantInit
SysFreeString

shell32

SHGetSpecialFolderPathA
SHGetFolderPathA
ord680

ole32

CoCreateInstance
OleInitialize
CoTaskMemFree

psapi

EnumProcesses
GetModuleFileNameExA

shlwapi

StrStrIA

crypt32

CryptUnprotectData

iphlpapi

GetNetworkParams

ws2_32

WSAStartup
gethostname
gethostbyname
inet_ntoa

urlmon

URLDownloadToFileA

Sections

.text
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

8e8dfb0e07693fd438a71fa268322521

Headers

File Characteristics

Imports

kernel32

user32

advapi32

oleaut32

shell32

ole32

psapi

shlwapi

crypt32

iphlpapi

ws2_32

urlmon

Sections

.text Size: 72KB - Virtual size: 71KB

.rdata Size: 20KB - Virtual size: 18KB

.data Size: 8KB - Virtual size: 14KB

.text
Size: 72KB - Virtual size: 71KB

.rdata
Size: 20KB - Virtual size: 18KB

.data
Size: 8KB - Virtual size: 14KB