0da54ca6e2449d9452db720b1c2d2b6d_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

0da54ca6e2449d9452db720b1c2d2b6d_JaffaCakes118
Size

59KB
MD5

0da54ca6e2449d9452db720b1c2d2b6d
SHA1

3a8fed38b4e2c25685fac6b5db91c07b151d1441
SHA256

d1fb70c9e6b6941baad13df40fe1b61891149ac3b8e2b9ac20c50031724a2f6e
SHA512

e6131f55dcf2327de554696c57e082ec9f358264e501d3fc97b0dff0d0979122c96751d1c5f2adece33ee12c97b45d8c3e5b741428b0c64691327223540d75e2
SSDEEP

768:l2CaqVwD/tJiD5fvH4Kz5QvHNvO+lWqlGPiI:l2CaywD/aD5fvYxvHQ+l26I

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0da54ca6e2449d9452db720b1c2d2b6d_JaffaCakes118

Files

0da54ca6e2449d9452db720b1c2d2b6d_JaffaCakes118
.exe windows:5 windows x86 arch:x86

af8ba54331682dd3d93eaf19e7125af0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

kernel32

SetFilePointer
CreateFileA
SetLastError
lstrcpyA
GetLastError
ReadFile
WriteFile
GetTempFileNameA
GetTempPathA
lstrlenA
SetFileAttributesA
lstrcmpiA
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
lstrcatA
GetFileSize
lstrcpynA
RemoveDirectoryA
FindClose
FindNextFileA
DeleteFileA
lstrcmpA
FindFirstFileA
WritePrivateProfileStringA
CopyFileA
FlushFileBuffers
Sleep
WaitForSingleObject
SetEvent
GetTickCount
CreateThread
CreateEventA
GetPrivateProfileStringA
ConvertDefaultLocale
SetEndOfFile
GetSystemInfo
GetPrivateProfileIntA
SetCurrentDirectoryA
GetCommandLineA
FreeLibrary
GetProcAddress
LoadLibraryExA
ExitProcess
GetModuleHandleA
ReleaseMutex
CreateMutexA
CreateDirectoryA
CloseHandle
GetVersionExA

user32

ShowWindow
KillTimer
SetFocus
EndDialog
SetDlgItemTextA
GetDlgItemTextA
MoveWindow
GetSystemMetrics
SystemParametersInfoA
SendDlgItemMessageA
SetWindowLongA
EnableMenuItem
GetWindowLongA
RegisterClassExA
GetClassInfoExA
RegisterWindowMessageA
DialogBoxParamA
CharNextA
SetWindowTextA
GetWindowRect
wsprintfA
PostMessageA

cmpbk32

PhoneBookUnload
PhoneBookMergeChanges
PhoneBookLoad
PhoneBookFreeFilter
PhoneBookParseInfoA

cmutil

?DeInit@CmLogFile@@QAEJXZ
??0CmLogFile@@QAE@XZ
GetOSVersion
?Init@CmLogFile@@QAEJPAUHINSTANCE__@@HPBD@Z
?SetParams@CmLogFile@@QAEJHKPBD@Z
?Start@CmLogFile@@QAEJH@Z
?Stop@CmLogFile@@QAEJXZ
CmLoadIconA
CmLoadSmallIconA
CmStrrchrA
?Log@CmLogFile@@QAAXW4_CMLOG_ITEM@@ZZ
CmFmtMsgA
CmStrchrA
CmRealloc
CmStrCpyAllocA
CmMalloc
CmFree
CmBuildFullPathFromRelativeA

comctl32

ord17

rasapi32

RasEnumConnectionsA

wininet

InternetCrackUrlA
InternetOpenUrlA
HttpOpenRequestA
HttpSendRequestA
HttpQueryInfoA
InternetOpenA
InternetConnectA
FtpFindFirstFileA
InternetFindNextFileA
InternetCloseHandle
FtpOpenFileA
InternetReadFile
InternetSetOptionA

Sections

.text
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 21KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

af8ba54331682dd3d93eaf19e7125af0

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

user32

cmpbk32

cmutil

comctl32

rasapi32

wininet

Sections

.text Size: 35KB - Virtual size: 35KB

.data Size: 1024B - Virtual size: 10KB

.rsrc Size: 21KB - Virtual size: 26KB

.text
Size: 35KB - Virtual size: 35KB

.data
Size: 1024B - Virtual size: 10KB

.rsrc
Size: 21KB - Virtual size: 26KB