Static task: static1
Behavioral task: behavioral1
Sample: 25dcf9a3b5b712335b9d82697e919897_JaffaCakes118.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 25dcf9a3b5b712335b9d82697e919897_JaffaCakes118.exe
Resource: win10v2004-20240508-en
General
Target: 25dcf9a3b5b712335b9d82697e919897_JaffaCakes118
Size: 26KB
MD5: 25dcf9a3b5b712335b9d82697e919897
SHA1: 3879f816235531728f8abb1e8ed6e5db1095af1e
SHA256: ec90c7a2c4dad98c5cb00b55e6abca1ceb20b57e2dc8b50030750dd84af663c3
SHA512: 781b4fc239fca17de45fddef31ee79512b928f6e2cd3a18a7809cd2bac9908a05072cf8c9e484d186545ab42044e0f4f82c6f8703819cd4fe93447653aa4688a
SSDEEP: 384:UnQUwFccUGmOLKA+Vdz1TM+J+KrXSQUoRH0kYTvYwN31Mcy6uq:1ScUGmOMt17ciSPkYTvYwRzF
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 25dcf9a3b5b712335b9d82697e919897_JaffaCakes118
Files
25dcf9a3b5b712335b9d82697e919897_JaffaCakes118.exe windows:4 windows x86 arch:x86
45c719de14eb3ccee203295fada468d6
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
msvcrt
fwrite
fread
strstr
_mkdir
time
srand
rand
??2@YAPAXI@Z
??3@YAXPAX@Z
printf
_except_handler3
fgets
atoi
_iob
fprintf
fputs
exit
fopen
fscanf
fclose
system
__CxxFrameHandler
sprintf
mfc42
ord1105
ord537
ord2764
ord4129
ord6648
ord2915
ord5572
ord354
ord5186
ord540
ord6385
ord1979
ord800
ord665
kernel32
GetShortPathNameA
GetEnvironmentVariableA
SetPriorityClass
GetCurrentThread
SetThreadPriority
ResumeThread
CreateToolhelp32Snapshot
Process32First
Process32Next
OpenProcess
lstrlenA
GetTempPathA
Sleep
WinExec
GetLastError
CloseHandle
DeviceIoControl
DeleteFileA
WriteFile
CreateFileA
LockResource
LoadResource
SizeofResource
FindResourceA
GetSystemDirectoryA
GetPrivateProfileIntA
GetPrivateProfileStringA
lstrcmpiA
MultiByteToWideChar
FreeLibrary
GetProcAddress
LoadLibraryA
lstrcpyA
lstrcmpA
HeapFree
GetModuleHandleA
HeapAlloc
GetProcessHeap
GetCurrentProcess
WideCharToMultiByte
lstrcatA
GetCurrentThreadId
GetCurrentProcessId
FindClose
FindNextFileA
FindFirstFileA
GetDriveTypeA
GetLogicalDriveStringsA
CreateMutexA
GetModuleFileNameA
CreateProcessA
TerminateProcess
user32
GetWindowTextA
EnumChildWindows
GetWindowLongA
FindWindowA
SetWindowPos
SetForegroundWindow
keybd_event
SetCursorPos
mouse_event
PostMessageA
SendMessageA
IsWindow
GetClassNameA
GetForegroundWindow
MessageBoxA
GetParent
GetCursorPos
WindowFromPoint
advapi32
RegOpenKeyExA
RegSetValueExA
RegCloseKey
OpenSCManagerA
DeleteService
ControlService
OpenServiceA
StartServiceA
CreateServiceA
CloseServiceHandle
SetFileSecurityA
GetSecurityDescriptorControl
SetSecurityDescriptorDacl
AddAccessAllowedAce
EqualSid
GetAce
AddAce
InitializeAcl
GetLengthSid
GetAclInformation
GetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetFileSecurityA
LookupAccountNameA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
GetUserNameA
shell32
StrStrIA
SHGetSpecialFolderPathA
winmm
timeGetTime
urlmon
CreateURLMoniker
wininet
InternetReadFile
HttpQueryInfoA
InternetOpenUrlA
InternetOpenA
InternetGetConnectedState
InternetCloseHandle
netapi32
NetUserGetLocalGroups
NetApiBufferFree
oleaut32
VariantInit
Sections
.text Size: 13KB - Virtual size: 12KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ