26a6293cc5d0fedbe5fc438af722ff2c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

26a6293cc5d0fedbe5fc438af722ff2c_JaffaCakes118
Size

966KB
MD5

26a6293cc5d0fedbe5fc438af722ff2c
SHA1

680f12a4f047efc8e3b7c766cce410354cc4d09a
SHA256

6470c15b907041fc6fc23702877eb3fbe3c05117a5075b86f4d08a27ab777c14
SHA512

1c3b6456441858a8419841cb2f4b7e7f17d55748b03af53afcdb7be913a8148974e7462ba595dfc3d9dd23a57f7fae22459b8b24d316a3f700e666efdee43542
SSDEEP

24576:m8sCZHRHE+l0e3Ek60EyNA5K6r22fSZTh1:BNRRH3Gyi5x66S

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
26a6293cc5d0fedbe5fc438af722ff2c_JaffaCakes118

Files

26a6293cc5d0fedbe5fc438af722ff2c_JaffaCakes118
.exe windows:5 windows x86 arch:x86

49f03d060534961064dfab8bd439eb28

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

ConvertSidToStringSidA
RegOpenKeyW
OpenThreadToken
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
GetTokenInformation
OpenProcessToken
RegCreateKeyExW

shell32

SHGetPathFromIDListW
ShellExecuteA
SHGetSpecialFolderLocation
Shell_NotifyIconW

ws2_32

WSACreateEvent
WSAEventSelect
WSASocketA
WSAIoctl

user32

RegisterClassW
InsertMenuW
CallWindowProcA
GetCursorPos
InsertMenuItemW
PostQuitMessage
CreateWindowExW
TrackPopupMenu
CreatePopupMenu
DestroyMenu
DestroyWindow
GetSystemMetrics
SetForegroundWindow
TranslateMessage
SetPropW
LoadImageW
GetPropW
LoadStringW
GetMessageA
DefWindowProcA
DispatchMessageA
PostMessageA

wininet

HttpQueryInfoA
HttpSendRequestExA
HttpAddRequestHeadersA
HttpEndRequestA
InternetConnectA
InternetCrackUrlA
InternetOpenA
InternetReadFile
HttpOpenRequestA
InternetWriteFile
InternetSetOptionA
HttpSendRequestA
InternetCloseHandle

ole32

CoCreateInstance
CoTaskMemFree

kernel32

TlsFree
SetFilePointer
CloseHandle
TlsAlloc
CreateSemaphoreA
EnterCriticalSection
SetEvent
SetEndOfFile
ReleaseSemaphore
GetUserDefaultLCID
DeleteCriticalSection
GlobalAddAtomA
GetSystemTimeAsFileTime
CreateThread
GetLastError
InitializeCriticalSection
GetLocalTime
TlsSetValue
GetStartupInfoA
WriteFile
GetModuleFileNameW
LeaveCriticalSection
GetFullPathNameW
TlsGetValue
FindClose
SwitchToThread
ReadFile
DeleteFileW
WaitForSingleObject
GetFileInformationByHandle
MoveFileW
FindFirstFileW
Sleep
GetDriveTypeW

tapi32

lineSetAgentState
lineAccept

shlwapi

StrCmpNA

sensapi

IsNetworkAlive

Sections

.text
Size: 622KB - Virtual size: 621KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 319KB - Virtual size: 3.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

49f03d060534961064dfab8bd439eb28

Headers

File Characteristics

Imports

advapi32

shell32

ws2_32

user32

wininet

ole32

kernel32

tapi32

shlwapi

sensapi

Sections

.text Size: 622KB - Virtual size: 621KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 319KB - Virtual size: 3.6MB

.rsrc Size: 20KB - Virtual size: 20KB

.text
Size: 622KB - Virtual size: 621KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 319KB - Virtual size: 3.6MB

.rsrc
Size: 20KB - Virtual size: 20KB