18ad9eb4f59b29461ee3e1e6877bd783_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

18ad9eb4f59b29461ee3e1e6877bd783_JaffaCakes118
Size

212KB
MD5

18ad9eb4f59b29461ee3e1e6877bd783
SHA1

05e194058743e7262ef77d7dee20bd64fa46fb87
SHA256

39f8e7c161325a0c6b1b941e8b5acda22509523511867cab1608c1b09b5b30bb
SHA512

3adf094a96f5139a6f8719cfa3bc531f15203eb184bfba8fc385723aefe13e966b9e8e8080ea120c932409bb025e701b898eb10be0cb43b5b36bb9989d1d8c57
SSDEEP

6144:f6IJDE3uMFDI8soNPff7sHIb6ClsOgLXuSwfu:SsDE3bNPn7sobKXuS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
18ad9eb4f59b29461ee3e1e6877bd783_JaffaCakes118

Files

18ad9eb4f59b29461ee3e1e6877bd783_JaffaCakes118
.exe windows:4 windows x86 arch:x86

815f1cf71aadec9aba25228a184b1cf8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
GetWindowsDirectoryW
GlobalFree
GlobalAlloc
WideCharToMultiByte
CreateDirectoryA
MultiByteToWideChar
RemoveDirectoryA
SetLocalTime
SystemTimeToFileTime
GetLocalTime
ExitProcess
SetCurrentDirectoryA
GetModuleHandleA
GetCurrentProcessId
GetModuleFileNameA
CreateMutexA
FreeLibrary
LoadLibraryA
GetFileTime
FindFirstFileW
GetComputerNameA
GetVersionExA
GetExitCodeProcess
GetCurrentThreadId
LocalFree
LocalAlloc
GetStdHandle
HeapReAlloc
SetFilePointer
InterlockedCompareExchange
CreateThread
HeapSize
CopyFileA
GetProcessHeap
GetCurrentProcess
ExpandEnvironmentStringsA
GetProcessTimes
HeapAlloc
HeapFree
CreateNamedPipeA
WaitForMultipleObjects
DisconnectNamedPipe
ResumeThread
SetErrorMode
SuspendThread
WaitForSingleObject
WriteFile
SetEvent
CreateEventA
TerminateThread
TerminateProcess
SetFileAttributesA
OpenProcess
GetFileAttributesA
VirtualAlloc
FindNextFileA
GetFileSize
GetSystemDirectoryA
ReadFile
VirtualFree
LeaveCriticalSection
lstrlenA
EnterCriticalSection
DeleteFileA
GetTickCount
Sleep
InitializeCriticalSection
GetPrivateProfileSectionA
DeleteCriticalSection
WritePrivateProfileStringA
GetPrivateProfileStringA
GetPrivateProfileIntA
CreateFileA
CreateProcessA
GetLastError
CreateMailslotA
FileTimeToSystemTime
FileTimeToLocalFileTime
InterlockedIncrement
MoveFileExA
FindClose
CloseHandle
FindFirstFileA
GetMailslotInfo
FindNextFileW
InterlockedExchange
SetStdHandle
GetStringTypeW
GetVersion
GetCommandLineA
RaiseException
InterlockedDecrement
GetSystemTime
GetTimeZoneInformation
ExitThread
TlsGetValue
TlsSetValue
RtlUnwind
LCMapStringW
TlsAlloc
SetLastError
UnhandledExceptionFilter
GetEnvironmentVariableA
HeapDestroy
HeapCreate
IsBadWritePtr
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetEndOfFile
FlushFileBuffers
FreeEnvironmentStringsW
SetUnhandledExceptionFilter
LCMapStringA
GetStringTypeA
GetCPInfo
GetACP
GetOEMCP
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
IsBadCodePtr
IsBadReadPtr
GetStartupInfoA
GetFileType
SetHandleCount

user32

EnumWindowStationsA
CloseWindowStation
EnumDesktopsA
wsprintfA
SetProcessWindowStation
OpenWindowStationA
GetProcessWindowStation
CloseDesktop
EnumDesktopWindows
SetThreadDesktop
OpenDesktopA
GetThreadDesktop
PostMessageA
GetWindowThreadProcessId
CharLowerBuffA

advapi32

FreeSid
SetNamedSecurityInfoA
GetLengthSid
InitializeAcl
LookupAccountNameA
SetKernelObjectSecurity
RegEnumKeyExA
AddAccessAllowedAce
RegDeleteValueA
RegSetValueExA
RegDeleteKeyA
SetServiceStatus
CloseServiceHandle
RegCreateKeyExA
GetUserNameA
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerA
AdjustTokenPrivileges
RegOpenKeyExA
LookupPrivilegeValueA
RegCloseKey
RegLoadKeyA
RegQueryValueExA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegUnLoadKeyA
OpenProcessToken
LookupAccountSidA
CreateProcessAsUserA
AllocateAndInitializeSid
SetFileSecurityA
GetTokenInformation
GetFileSecurityA
AddAce
GetSecurityDescriptorDacl
GetAclInformation
OpenSCManagerA
GetAce
CreateServiceA
ControlService
DeleteService
StartServiceA
QueryServiceStatus
OpenServiceA
QueryServiceConfigA
ChangeServiceConfigA

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHGetDesktopFolder
SHGetPathFromIDListW
SHGetMalloc

ole32

CoTaskMemFree
CoInitialize
CoCreateInstance
CoUninitialize

userenv

LoadUserProfileA
UnloadUserProfile

rpcrt4

RpcStringFreeA
UuidToStringA
UuidCreate

ws2_32

WSASetLastError
getsockname
recv
select
__WSAFDIsSet
send
socket
sendto
htons
connect
shutdown
closesocket
gethostbyname
WSAStartup
WSACleanup
htonl
ntohl
gethostname
WSAGetLastError
recvfrom
inet_addr
inet_ntoa
ntohs
bind

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

psapi

GetModuleFileNameExA
GetModuleBaseNameA
EnumProcesses
GetModuleFileNameExW

Sections

.text
Size: 144KB - Virtual size: 141KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 776B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

815f1cf71aadec9aba25228a184b1cf8

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

userenv

rpcrt4

ws2_32

version

psapi

Sections

.text Size: 144KB - Virtual size: 141KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 48KB - Virtual size: 56KB

.rsrc Size: 4KB - Virtual size: 776B

.text
Size: 144KB - Virtual size: 141KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 48KB - Virtual size: 56KB

.rsrc
Size: 4KB - Virtual size: 776B