3aa14040f7bc64a535082105bd87b621_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3aa14040f7bc64a535082105bd87b621_JaffaCakes118
Size

264KB
MD5

3aa14040f7bc64a535082105bd87b621
SHA1

d694e944076ed65e109df6fcab52c9e57920bcc3
SHA256

7c3c5dc14117b6cc92ae7311295643b0783d358d57b7167fac7af1af0a33ad98
SHA512

63a4aa65586d5ab2c44bbecb35b109e1d58b22f91568edf4fb7d4cecdb488219c6ce47d30c55351535cd12a280915ddf068a41970981933860a7145861950e87
SSDEEP

3072:a3QvREuSW45F3lXjMYS0wuiLFButhqaqhUI5Gd4lbIPRQGiO3+Q/mBb4Nel0I:HvRgtFXAR0riLUgLzsd7Q8OQ/mV4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3aa14040f7bc64a535082105bd87b621_JaffaCakes118

Files

3aa14040f7bc64a535082105bd87b621_JaffaCakes118
.exe windows:4 windows x86 arch:x86

0fcb4c1e82c3908d5fd0b5251d61b6b8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

ntohl
ntohs
select
shutdown
recv
closesocket
inet_addr
connect
socket
htons
WSAGetLastError
gethostbyname
WSACleanup
WSAStartup
send

kernel32

VirtualQueryEx
GetSystemTime
GetDiskFreeSpaceExA
GetCurrentThreadId
GetSystemInfo
GlobalMemoryStatus
FindCloseChangeNotification
GetSystemDirectoryW
GetVersionExA
VirtualFree
DuplicateHandle
FreeLibrary
CreateThread
SetThreadPriority
LoadResource
FindResourceA
SizeofResource
GetVolumeInformationA
GetDriveTypeA
GetWindowsDirectoryW
GetCurrentProcess
GetFileSize
HeapSize
ReadFile
GetFileType
GetStdHandle
GetStartupInfoA
GetVersion
GetCommandLineA
SetHandleCount
ExitProcess
RaiseException
HeapReAlloc
HeapAlloc
HeapFree
MultiByteToWideChar
VirtualProtectEx
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
SetFilePointer
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
WriteProcessMemory
VirtualAllocEx
SetEndOfFile
GetOEMCP
GetTempPathA
GetTempFileNameA
VirtualFreeEx
CreateRemoteThread
GetExitCodeThread
TerminateThread
GetCurrentProcessId
GetTickCount
Sleep
GetModuleFileNameA
SetErrorMode
DeviceIoControl
SystemTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
WriteFile
SetFileAttributesA
DeleteFileA
RemoveDirectoryA
CreateDirectoryA
FindFirstFileA
FindNextFileA
FindClose
OpenProcess
CreateFileW
TerminateProcess
UnmapViewOfFile
ResumeThread
GetModuleHandleA
ReadProcessMemory
LockResource
LoadLibraryA
GetLastError
GetProcAddress
GetACP
RtlUnwind
FreeConsole
CreateProcessA
CreateEventA
WaitForSingleObject
SetEvent
GetSystemDirectoryA
CreateFileA
CreateFileMappingA
CloseHandle
MapViewOfFile
SetStdHandle
LCMapStringA
LCMapStringW
GetEnvironmentStrings
GetEnvironmentStringsW
GetCPInfo
GetStringTypeW
GetStringTypeA
FlushFileBuffers
IsBadCodePtr
IsBadReadPtr

user32

GetUserObjectSecurity
EnumWindowStationsA
CloseWindowStation
CloseDesktop
UnregisterClassA
SetUserObjectSecurity
EnumDesktopsA
ReleaseDC
GetDC
CreateWindowExA
RegisterClassA
SetThreadDesktop
DestroyWindow
SetForegroundWindow
ExitWindowsEx
GetDesktopWindow
GetUserObjectInformationA
SetFocus
DefWindowProcA
ShowWindow
GetWindowRect
ShowCursor
GetProcessWindowStation
DrawTextA
FillRect
SetProcessWindowStation
GetThreadDesktop
OpenWindowStationA
OpenDesktopA

gdi32

GetStockObject
DeleteObject
SelectObject
SetBkColor
CreateSolidBrush
SetTextColor
GdiFlush
BitBlt
CreateFontIndirectA
CreateCompatibleDC
GetDeviceCaps
CreateDIBSection

comdlg32

GetFileTitleA

advapi32

LsaOpenPolicy
LsaEnumerateAccountRights
SetServiceStatus
RegisterServiceCtrlHandlerA
InitiateSystemShutdownA
RegOpenKeyA
ChangeServiceConfig2A
DeleteService
ControlService
StartServiceA
EnumServicesStatusA
QueryServiceConfigA
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegEnumValueA
CreateProcessAsUserA
CryptAcquireContextA
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
LookupPrivilegeValueA
AdjustTokenPrivileges
EqualSid
ImpersonateLoggedOnUser
OpenProcessToken
RevertToSelf
LookupAccountSidW
AllocateLocallyUniqueId
StartServiceCtrlDispatcherA
QueryServiceStatus
LsaClose
LsaFreeMemory
LookupPrivilegeValueW
LookupAccountNameW
GetTokenInformation
IsValidSid
GetSecurityDescriptorDacl
AddAccessAllowedAce
AllocateAndInitializeSid
LookupAccountSidA
FreeSid
OpenEventLogA
ClearEventLogA
CloseEventLog
RegSetValueExA
OpenServiceA
LookupAccountNameA
GetLengthSid
InitializeAcl
AddAccessAllowedAceEx
SetSecurityInfo
RegOpenKeyExA
RegCloseKey
ChangeServiceConfigA
OpenSCManagerA
CreateServiceA
CloseServiceHandle

netapi32

NetUserAdd
NetUserGetGroups
NetLocalGroupAddMembers
NetUserGetLocalGroups
NetApiBufferFree

psapi

EnumProcessModules
GetModuleInformation
EnumProcesses
GetModuleFileNameExA

wininet

InternetOpenUrlA
InternetReadFile
InternetOpenA
InternetCloseHandle

dnsapi

DnsRecordListFree
DnsQuery_A

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

secur32

LsaEnumerateLogonSessions
LsaGetLogonSessionData

Sections

.text
Size: 152KB - Virtual size: 150KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 60KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0fcb4c1e82c3908d5fd0b5251d61b6b8

Headers

File Characteristics

Imports

wsock32

kernel32

user32

gdi32

comdlg32

advapi32

netapi32

psapi

wininet

dnsapi

userenv

secur32

Sections

.text Size: 152KB - Virtual size: 150KB

.rdata Size: 12KB - Virtual size: 10KB

.data Size: 36KB - Virtual size: 40KB

.rsrc Size: 60KB - Virtual size: 56KB

.text
Size: 152KB - Virtual size: 150KB

.rdata
Size: 12KB - Virtual size: 10KB

.data
Size: 36KB - Virtual size: 40KB

.rsrc
Size: 60KB - Virtual size: 56KB