08d8f23b469ac4e761331090bdaabf96_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

08d8f23b469ac4e761331090bdaabf96_JaffaCakes118
Size

108KB
MD5

08d8f23b469ac4e761331090bdaabf96
SHA1

fbc63b96fc9fd632e3534699be5463371be33dd7
SHA256

0dd667e09b64b3164e0b3a13c22c05b391ee0dd6b2219678227aa0bcd344c2d5
SHA512

e2412b17524bbbde6f5e589cc6b237059324e043ef7d9c71c8e388a0bf4f5bcdfd6c646ff2cd5d4f343cd8e6b59d8f80ad610c7c5eb189fecb3ebd416377db9d
SSDEEP

1536:+q0vO8LJI0AR1mfB5wsOhuFhGtXZ7VCSo7Q:4RiyL9O4jGtXZxCpc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
08d8f23b469ac4e761331090bdaabf96_JaffaCakes118

Files

08d8f23b469ac4e761331090bdaabf96_JaffaCakes118
.exe windows:4 windows x86 arch:x86

558fea6a5f3ca61513760b94d5618c6c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileA
ExitThread
GetTickCount
ReleaseMutex
CreateMutexW
SetLastError
VirtualFree
ExitProcess
GetModuleFileNameW
HeapFree
MultiByteToWideChar
HeapAlloc
GetProcessHeap
WideCharToMultiByte
GetCurrentProcess
GetProcAddress
GetModuleHandleA
ExpandEnvironmentStringsW
ExpandEnvironmentStringsA
LoadLibraryA
FreeLibrary
GetVolumeInformationW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetCurrentProcessId
Thread32Next
SuspendThread
OpenThread
Thread32First
GetVersionExA
MoveFileExW
DeleteFileW
WriteProcessMemory
ReadProcessMemory
VirtualAlloc
VirtualProtect
VirtualQuery
OpenProcess
CreateRemoteThread
VirtualFreeEx
SetFilePointer
CreateProcessW
CopyFileW
GetExitCodeThread
CreateMutexA
MapViewOfFile
CreateFileMappingA
OpenFileMappingA
UnmapViewOfFile
OutputDebugStringA
ReadFile
GetFileSize
CreateFileW
GetStartupInfoA
GetCommandLineA
GetVersion
TerminateProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
HeapDestroy
HeapCreate
RtlUnwind
CompareStringA
CompareStringW
SetEnvironmentVariableW
GetStringTypeA
GetStringTypeW
GetCPInfo
GetACP
GetOEMCP
HeapReAlloc
SetStdHandle
LCMapStringA
LCMapStringW
FlushFileBuffers
DeleteFileA
WriteFile
CreateProcessA
ResumeThread
MoveFileExA
SetEvent
ResetEvent
WaitForSingleObject
LocalAlloc
CreateEventW
GetModuleFileNameA
OpenEventW
CreateThread
CloseHandle
GetLastError
VirtualAllocEx
Sleep

advapi32

OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
GetSidLengthRequired
InitializeSid
GetSidSubAuthority
InitializeSecurityDescriptor
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
RegOpenKeyExW
RegQueryInfoKeyW
RegEnumKeyExW
RegEnumValueW
RegSetValueExW
RegCloseKey
RegDeleteValueW

ntdll

NtQueryObject
RtlFreeUnicodeString
NtQueryInformationFile
NtClose
NtQueryKey
RtlCompareUnicodeString
NtDeleteFile
NtQueryInformationThread
RtlInitUnicodeString
RtlUnicodeStringToAnsiString
RtlFreeAnsiString

psapi

GetModuleFileNameExW

ws2_32

WSAStartup
WSACleanup
htons
send
recv
gethostbyname
closesocket
connect
socket

wininet

InternetOpenUrlA
InternetCloseHandle
InternetReadFile
InternetOpenA
InternetQueryOptionW

Sections

.text
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

558fea6a5f3ca61513760b94d5618c6c

Headers

File Characteristics

Imports

kernel32

advapi32

ntdll

psapi

ws2_32

wininet

Sections

.text Size: 56KB - Virtual size: 56KB

.rdata Size: 8KB - Virtual size: 8KB

.data Size: 32KB - Virtual size: 32KB

.reloc Size: 8KB - Virtual size: 8KB

.text
Size: 56KB - Virtual size: 56KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 32KB - Virtual size: 32KB

.reloc
Size: 8KB - Virtual size: 8KB