3478cf590a1865bcd2da94e6c797fdc6_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3478cf590a1865bcd2da94e6c797fdc6_JaffaCakes118
Size

308KB
MD5

3478cf590a1865bcd2da94e6c797fdc6
SHA1

2c23c35789d084ef7af82df33a25201b968b5bf5
SHA256

792d92e4a66e2c09af3f4fe970bc23ecf780009cc0fffa63f8af99eeba742cd3
SHA512

cd14eb24ba2d752947caac1fd56ba9237d57d866f871f379cc916e554dc460ed037804e40a11a22dca3931ac6a688e4a2a6938aeb1dcbea2f0558e72c2069792
SSDEEP

3072:+YGn4GSzdrZYCEAHgjy2kkIy8OTBfbvqgmOt77Dr36ZtV/XeywC:ZdzYm9gTBzvqRMe

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3478cf590a1865bcd2da94e6c797fdc6_JaffaCakes118

Files

3478cf590a1865bcd2da94e6c797fdc6_JaffaCakes118
.exe windows:4 windows x86 arch:x86

1c7ed6098a01c460753d23fca2f9c9ab

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

FtpPutFileW
InternetCloseHandle
InternetGetLastResponseInfoW
InternetOpenW
InternetConnectW

ws2_32

WSAEventSelect
WSAConnect
WSAEnumNetworkEvents
WSACloseEvent
WSASetLastError
getservbyport
ntohs
gethostbyaddr
WSACreateEvent
getservbyname
htonl
WSAGetLastError
inet_addr
shutdown
closesocket
gethostname
gethostbyname
inet_ntoa
WSAStartup
WSACleanup
WSASocketW
htons

kernel32

GetStringTypeW
GetStringTypeA
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
SetStdHandle
GetFileType
SetHandleCount
FlushFileBuffers
GetModuleFileNameA
WideCharToMultiByte
ResumeThread
SetPriorityClass
GetCurrentProcess
GetCurrentThread
SetThreadPriority
CreateProcessW
CloseHandle
WriteFile
lstrlenW
lstrcpyW
GetShortPathNameW
GetModuleFileNameW
CreateFileW
GetTempFileNameW
GetTempPathW
GetProcAddress
LoadLibraryW
LocalFree
GetLastError
DuplicateHandle
OpenProcess
TerminateProcess
Sleep
GetExitCodeProcess
Module32NextW
lstrcmpiW
Module32FirstW
CreateToolhelp32Snapshot
Process32NextW
GetPriorityClass
Process32FirstW
GetLocalTime
GetModuleHandleW
DeleteFileW
GetCompressedFileSizeW
MultiByteToWideChar
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
GetOverlappedResult
ReadFile
lstrlenA
SetFileAttributesW
WaitForSingleObject
ReleaseMutex
CreateDirectoryW
GetSystemDirectoryW
EndUpdateResourceW
UpdateResourceW
BeginUpdateResourceW
FreeLibrary
GetThreadLocale
GetACP
GetTimeZoneInformation
GetTickCount
CopyFileW
RaiseException
LoadLibraryA
GetSystemDirectoryA
CreateEventW
InterlockedExchange
GetLocaleInfoA
GetVersionExA
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
SetFilePointer
GetConsoleMode
GetConsoleCP
LCMapStringW
LCMapStringA
GetCurrentThreadId
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
InterlockedDecrement
InterlockedIncrement
GetCPInfo
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SetEndOfFile
GetStartupInfoA
GetCommandLineA
ExitProcess
VirtualQuery
GetSystemInfo
GetStdHandle
HeapCreate
VirtualFree
GetModuleHandleA
VirtualAlloc
VirtualProtect
RtlUnwind
CreateMutexW
GetSystemTimeAsFileTime

user32

UnregisterClassA
FindWindowExW
RegisterWindowMessageW
CreateWindowExW
GetMessageW
TranslateMessage
DispatchMessageW
RegisterClassExW
DefWindowProcW
PostQuitMessage
GetKeyState
GetKeyboardState
ToUnicode
GetKeyNameTextW
GetParent
SendMessageW
SetWindowsHookExW
SetTimer

advapi32

RegCloseKey
SetEntriesInAclW
RegOpenKeyW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
SetSecurityInfo
OpenProcessToken
GetTokenInformation
LookupPrivilegeValueW
AdjustTokenPrivileges

shell32

SHGetPathFromIDListW
SHGetMalloc
SHGetSpecialFolderLocation
ShellExecuteW

ole32

CoCreateInstance
CoInitialize

shlwapi

PathFileExistsW

dnsapi

DnsRecordListFree
DnsQuery_W

Sections

.text
Size: 112KB - Virtual size: 110KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 147KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 144KB - Virtual size: 143KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1c7ed6098a01c460753d23fca2f9c9ab

Headers

File Characteristics

Imports

wininet

ws2_32

kernel32

user32

advapi32

shell32

ole32

shlwapi

dnsapi

Sections

.text Size: 112KB - Virtual size: 110KB

.rdata Size: 40KB - Virtual size: 37KB

.data Size: 8KB - Virtual size: 147KB

.rsrc Size: 144KB - Virtual size: 143KB

.text
Size: 112KB - Virtual size: 110KB

.rdata
Size: 40KB - Virtual size: 37KB

.data
Size: 8KB - Virtual size: 147KB

.rsrc
Size: 144KB - Virtual size: 143KB