Static task
static1
Behavioral task
behavioral1
Sample
23a07e01b3c783742b99f97ad3476600_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
23a07e01b3c783742b99f97ad3476600_JaffaCakes118.exe
Resource
win10v2004-20240508-en
General
Target
23a07e01b3c783742b99f97ad3476600_JaffaCakes118
Size
312KB
MD5
23a07e01b3c783742b99f97ad3476600
SHA1
5647a6418233ff68ee58fac8043e54663c67c353
SHA256
8512eb9485e9e0966553e4fe5129898254ef364c98570ad38b4c865c3f0d337f
SHA512
8235c2f851d941eaa550bb7414107052503b1f789034f17b95765ae0830ef55c020915e8ce87ece3cf20672cb7fe08e4fed62e8eb7dc31c2ec2a39815005b393
SSDEEP
6144:ZOyfuHCW1wyKtLGtOP1wcN8VO68osmevXvnSP:ZoiWukSmanmev/S
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 23a07e01b3c783742b99f97ad3476600_JaffaCakes118
Files
23a07e01b3c783742b99f97ad3476600_JaffaCakes118.exe windows:4 windows x86 arch:x86
143613e5c3280b70053a3ceec6f9ba83
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
shlwapi
StrTrimA
SHGetValueA
SHSetValueA
SHDeleteValueA
PathFileExistsA
urlmon
URLDownloadToFileA
kernel32
WriteFile
Sleep
lstrlenA
DeleteFileA
CloseHandle
ReadFile
CreateFileA
GetTempFileNameA
lstrcatA
lstrcpyA
GetTempPathA
MultiByteToWideChar
GetSystemDirectoryA
SetLastError
GetCurrentProcess
GetLastError
GetCurrentThread
VirtualFreeEx
WaitForSingleObject
CreateRemoteThread
GetProcAddress
GetModuleHandleA
WriteProcessMemory
VirtualAllocEx
OpenProcess
FreeLibrary
GetCurrentProcessId
LoadLibraryA
GetModuleFileNameA
GetVersion
GetStartupInfoA
GetWindowsDirectoryA
GetFileSize
MoveFileExA
GetTickCount
GetCurrentThreadId
CreateThread
TerminateThread
ReleaseMutex
CreateMutexA
FlushInstructionCache
lstrlenW
LeaveCriticalSection
EnterCriticalSection
SizeofResource
LockResource
LoadResource
FindResourceA
InterlockedExchange
user32
TranslateMessage
PostThreadMessageA
CreateWindowExA
DispatchMessageA
DestroyWindow
GetWindowThreadProcessId
SetWindowsHookExA
SendMessageA
UnhookWindowsHookEx
IsWindow
PeekMessageA
GetMessageA
SetParent
advapi32
OpenProcessToken
OpenThreadToken
LookupPrivilegeValueA
AdjustTokenPrivileges
ole32
CoInitialize
CoUninitialize
CLSIDFromProgID
CoCreateInstance
oleaut32
SysStringLen
LoadRegTypeLi
DispCallFunc
SysAllocStringLen
SysAllocString
VariantInit
SafeArrayCreateVector
SafeArrayAccessData
SafeArrayUnaccessData
VariantClear
SysFreeString
msvcrt
_controlfp
??1type_info@@UAE@XZ
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
?terminate@@YAXXZ
_ltoa
_itoa
_strdup
_strlwr
_except_handler3
??0exception@@QAE@XZ
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
localtime
_purecall
srand
rand
_CxxThrowException
memcmp
strtok
strncpy
malloc
_mbsrchr
free
time
atol
atoi
sprintf
memcpy
__CxxFrameHandler
_EH_prolog
strlen
strpbrk
memmove
??2@YAPAXI@Z
strstr
strcat
strrchr
strcpy
strchr
Sections
.text Size: 300KB - Virtual size: 300KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE