1ac6dfa974763c6d595004f2d14706c5_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

1ac6dfa974763c6d595004f2d14706c5_JaffaCakes118
Size

233KB
MD5

1ac6dfa974763c6d595004f2d14706c5
SHA1

cdbbd6fc318bb23b68d6297e78ea15dd6b0cefc4
SHA256

fe289e6844d06b0c81128984eb08afe874c2720eb4ab34a1a66144ea61f0bc0d
SHA512

b0a657814a557fc7b393ae9bd88746ac5ab7b667838dd290adf770a0c4d81290e554ab9c5321e3c024d22bf50893310d362e8d21b646c6d868f0f2e3b3d42086
SSDEEP

3072:3MqqDL2/tYAz7WqpeVxYATWzUzR+Klm3jdECqr51xInZ9KBm1QJ+nS++CRLuc9:8qqDL6F7WasTVR+QmTir/xus8SCRLuc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1ac6dfa974763c6d595004f2d14706c5_JaffaCakes118

Files

1ac6dfa974763c6d595004f2d14706c5_JaffaCakes118
.exe windows:4 windows x86 arch:x86

3b1aad7393e9094c8b2278cd087ae859

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

ioctlsocket
shutdown
recv
send
gethostbyname
inet_addr
WSACleanup
WSAStartup
getsockname
getpeername
accept
listen
closesocket
connect
htons
htonl
bind
socket
setsockopt

kernel32

LoadLibraryA
OpenProcess
Process32Next
Process32First
CreateToolhelp32Snapshot
GetDriveTypeA
SetErrorMode
MoveFileA
GlobalAddAtomA
GlobalDeleteAtom
GetTickCount
CreateMutexA
SystemTimeToFileTime
GetVersionExA
DeleteFileA
GlobalAlloc
SetEvent
SetThreadPriority
GetLocalTime
GetShortPathNameA
ReleaseMutex
OpenEventA
ResetEvent
WaitForSingleObject
SetProcessShutdownParameters
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetModuleHandleA
GlobalLock
GlobalUnlock
GlobalReAlloc
GlobalFree
RemoveDirectoryA
CreateThread
GetCurrentThreadId
LocalFileTimeToFileTime
GetSystemTime
FileTimeToSystemTime
FindNextFileA
FindFirstFileA
FindClose
Sleep
CopyFileA
SetFileAttributesA
CreateDirectoryA
GetComputerNameA
WinExec
LoadLibraryExA
GetWindowsDirectoryA
GetModuleFileNameA
GetProcAddress
TlsGetValue
ResumeThread
TlsAlloc
GetStartupInfoA
GetCurrentProcess
GetCurrentThread
DuplicateHandle
TlsSetValue
CreateSemaphoreA
ReleaseSemaphore
DeleteCriticalSection
AllocConsole
SetEndOfFile
SetFilePointer
CreateFileA
CloseHandle
WriteFile
GetStdHandle
OutputDebugStringA
WriteConsoleA
GetLastError

user32

GetProcessWindowStation
ExitWindowsEx
GetSubMenu
SetMenuDefaultItem
TrackPopupMenu
GetMenuItemID
OpenDesktopA
GetUserObjectInformationA
GetAsyncKeyState
MapVirtualKeyA
GetClipboardOwner
GetClipboardData
DefWindowProcA
PostQuitMessage
EnumWindows
GetPropA
TranslateMessage
VkKeyScanA
IsWindowVisible
SetPropA
RemovePropA
OpenClipboard
SetClipboardData
CloseClipboard
GetIconInfo
DrawIconEx
LoadCursorA
RegisterClassExA
CreateWindowExA
LoadImageA
KillTimer
ChangeClipboardChain
DestroyWindow
SetClipboardViewer
PeekMessageA
GetMessageA
DispatchMessageA
RegisterWindowMessageA
SetRectEmpty
UnionRect
GetForegroundWindow
GetCursorPos
WindowFromPoint
GetClassNameA
GetSystemMetrics
IntersectRect
mouse_event
OpenWindowStationA
SetProcessWindowStation
GetKeyboardState
keybd_event
GetDesktopWindow
GetWindowRect
IsRectEmpty
PostMessageA
FindWindowA
GetDlgItem
SetFocus
EnableWindow
SetWindowTextA
LoadIconA
SetClassLongA
OpenInputDesktop
GetThreadDesktop
SetThreadDesktop
CloseDesktop
SendMessageA
ShowWindow
SetTimer
MessageBeep
GetWindowLongA
GetDlgItemTextA
IsDlgButtonChecked
SetWindowLongA
SetForegroundWindow
SetDlgItemTextA
CheckDlgButton
EndDialog
DialogBoxParamA
GetDC
ReleaseDC
MessageBoxA
EmptyClipboard

gdi32

GetSystemPaletteEntries
CreateDCA
RealizePalette
SelectPalette
GetObjectA
DeleteDC
BitBlt
SelectObject
CreateCompatibleBitmap
GetDeviceCaps
CreateCompatibleDC
CreatePalette
DeleteObject
GetStockObject
CreateDIBSection
GdiFlush
CombineRgn
CreateRectRgnIndirect
CreateRectRgn
GetRegionData
GetDIBits

advapi32

CreateProcessAsUserA
RegCreateKeyExA
RegSetValueExA
RegFlushKey
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
AdjustTokenPrivileges
SetTokenInformation
DuplicateTokenEx
LookupPrivilegeValueA
OpenProcessToken
LogonUserA
GetUserNameA
ImpersonateLoggedOnUser
CloseServiceHandle
ChangeServiceConfigA
OpenServiceA
CreateServiceA
OpenSCManagerA
DeleteService
QueryServiceStatus
ControlService
RegCreateKeyA
RevertToSelf

shell32

Shell_NotifyIconA
ShellExecuteA
ShellExecuteExA

winhkb

SetHook
UnSetHook
SetKeyboardFilterHook
SetMouseFilterHook

zlib1

inflateInit_
inflate
inflateEnd
deflateInit_
deflate
deflateEnd

winmm

timeSetEvent

msvcrt

free
??3@YAXPAX@Z
__CxxFrameHandler
??2@YAPAXI@Z
_endthreadex
__dllonexit
_onexit
??1type_info@@UAE@XZ
_except_handler3
?terminate@@YAXXZ
_exit
_XcptFilter
_acmdln
__getmainargs
_initterm
_beginthreadex
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
fclose
fprintf
fseek
fopen
vsprintf
ctime
time
malloc
sprintf
atoi
__set_app_type
_controlfp
memcpy
memcmp
memmove
strchr
fputc
fwrite
fread
ftell
remove
strstr
fgets
_vsnprintf
_findclose
_findnext
_findfirst
rename
fgetc
sscanf
tolower
srand
rand
_iob
_stricmp
isspace
_purecall
_errno
fputs
strncmp
_EH_prolog
_CxxThrowException
_strdup
_strupr
_putw
_unlink
_chmod
exit
_strnicmp

wininet

InternetReadFile
InternetCloseHandle
InternetOpenA
InternetOpenUrlA

Sections

.rdata
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 160KB - Virtual size: 212KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3b1aad7393e9094c8b2278cd087ae859

Headers

File Characteristics

Imports

wsock32

kernel32

user32

gdi32

advapi32

shell32

winhkb

zlib1

winmm

msvcrt

wininet

Sections

.rdata Size: 35KB - Virtual size: 34KB

.data Size: 160KB - Virtual size: 212KB

.rsrc Size: 37KB - Virtual size: 36KB

.rdata
Size: 35KB - Virtual size: 34KB

.data
Size: 160KB - Virtual size: 212KB

.rsrc
Size: 37KB - Virtual size: 36KB