Static task
static1
Behavioral task
behavioral1
Sample: 2384eb7914fd9d8d11be72bb83046445_JaffaCakes118.exe
Resource: win7-20231129-en
General
Target: 2384eb7914fd9d8d11be72bb83046445_JaffaCakes118
Size: 104KB
MD5: 2384eb7914fd9d8d11be72bb83046445
SHA1: 383fc3c218b9fb0d4224d69af66caf09869b4c73
SHA256: d88bd6947eef00bd3baadc55ff1c55b3cdcff5ba8fd145d5b5bf8894c42a7fd3
SHA512: 74f9692327dc04ec58fc31815e6f601e4a91bea3173cf2511726576b0a7d10c4e3bf86fe8250729f2a0bef90dbdfd8b0b237a2670ca7316ce2126625827b0dd7
SSDEEP: 1536:PYVu34oaGc6NJKmT+bhsuKVdH1foTLlEF18wng18xZW8afOe99QpqUExQqVi8:P8i4oaGckKK4KVU8GfncqUEqf8
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2384eb7914fd9d8d11be72bb83046445_JaffaCakes118
Files
2384eb7914fd9d8d11be72bb83046445_JaffaCakes118.exe windows:4 windows x86 arch:x86
12f848dea124b16c25c191491b7d6ea8
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
lstrcpyA
SetLastError
FreeLibrary
WinExec
GetTempFileNameA
CloseHandle
OpenProcess
GetModuleFileNameA
WriteFile
CreateFileA
DeleteFileA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetFileSize
FindClose
FindNextFileA
FindFirstFileA
ExpandEnvironmentStringsA
HeapAlloc
HeapCreate
HeapDestroy
HeapReAlloc
GetLastError
lstrlenW
GetWindowsDirectoryA
GetEnvironmentVariableA
GetCurrentProcess
GetModuleHandleA
ReadFile
CreateProcessA
DuplicateHandle
CreatePipe
GetStdHandle
GetTickCount
ExitProcess
CreateNamedPipeA
GetShortPathNameA
SetErrorMode
SetPriorityClass
GetProcessHeap
OutputDebugStringA
HeapFree
SetFilePointer
MoveFileA
CompareStringA
lstrcmpiA
CompareStringW
GetProcessTimes
MultiByteToWideChar
IsDebuggerPresent
GetPrivateProfileSectionNamesA
GetPrivateProfileStringA
lstrcpynA
LoadLibraryA
GetProcAddress
WideCharToMultiByte
lstrcatA
lstrcmpA
Sleep
GetFileAttributesA
GetFileTime
lstrlenA
FileTimeToSystemTime
GlobalFree
LocalFree
GetSystemInfo
GetLogicalDrives
GetDriveTypeA
GetDiskFreeSpaceA
GetSystemTime
GetComputerNameA
GlobalAlloc
GetACP
GetOEMCP
GetCurrentDirectoryA
GetVolumeInformationA
GetTempPathA
user32
LockSetForegroundWindow
wsprintfA
GetSystemMetrics
MessageBoxA
wvsprintfA
CharLowerBuffA
CharUpperBuffA
GetKeyboardLayoutNameA
EnumDisplaySettingsA
advapi32
CryptAcquireContextA
CryptHashData
CryptDeriveKey
CryptDecrypt
CryptDestroyKey
CryptDestroyHash
CryptReleaseContext
RegEnumValueW
RegQueryValueExW
RegEnumValueA
RegOpenKeyExA
RegQueryInfoKeyA
RegEnumKeyExA
RegOpenKeyA
RegEnumKeyA
RegQueryValueExA
RegCloseKey
GetUserNameA
OpenProcessToken
RegSetValueExA
RegCreateKeyA
RegDeleteValueA
AdjustTokenPrivileges
LookupPrivilegeValueA
CryptGenRandom
CryptCreateHash
oleaut32
VariantInit
SafeArrayPutElement
SafeArrayCreate
SysFreeString
SysAllocString
shell32
SHGetSpecialFolderPathA
ord680
SHGetFolderPathA
ole32
OleInitialize
CoCreateInstance
CoTaskMemFree
psapi
GetModuleFileNameExA
EnumProcesses
shlwapi
StrStrIA
crypt32
CryptUnprotectData
iphlpapi
GetNetworkParams
ws2_32
WSAStartup
gethostname
gethostbyname
inet_ntoa
urlmon
URLDownloadToFileA
Sections
.text Size: 72KB - Virtual size: 68KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 20KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE