3d7b9b501aad95167fe22f1bb3a84389_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3d7b9b501aad95167fe22f1bb3a84389_JaffaCakes118
Size

101KB
MD5

3d7b9b501aad95167fe22f1bb3a84389
SHA1

cc713dd8f9af5f3a70088df78dcb59422d33ebe2
SHA256

2f974f72b1adc964c67f8b44885b99e9ddb4a794e6224fe63deba26a17da0d7f
SHA512

220dd91ba5b0e6a6b132ad5ca930e4ea711632fde7d14f31af8cf0a193734cf83e7066a654d9104e8114c021795745e69fb0b925f7bb1a0e99dd4b1d7cae9f90
SSDEEP

1536:T+++PZLaNc0ZIKEHH5IsmClGEd3gs4HjRrhQK0d37KeC:T+++PZaBZQ5B+Q98eC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3d7b9b501aad95167fe22f1bb3a84389_JaffaCakes118

Files

3d7b9b501aad95167fe22f1bb3a84389_JaffaCakes118
.exe windows:4 windows x86 arch:x86

32298c2a3c67ee9395b65fb80c0b8b83

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
FreeLibrary
TerminateThread
WriteFile
GetCurrentDirectoryA
SetFilePointer
GetModuleFileNameA
GetTickCount
ExitProcess
CreateProcessA
CopyFileA
VirtualQuery
VirtualProtect
ExitThread
Process32Next
Module32First
Process32First
CreateToolhelp32Snapshot
lstrcmpiA
TerminateProcess
OpenProcess
CreateDirectoryA
DeleteFileA
FindNextFileA
lstrcatA
lstrcpyA
FileTimeToSystemTime
GetLastError
LoadLibraryA
GetVersionExA
GetLocaleInfoA
GlobalMemoryStatus
GlobalLock
GlobalUnlock
GlobalAlloc
CreateRemoteThread
WriteProcessMemory
VirtualAllocEx
VirtualFreeEx
CreateMutexA
GetCurrentProcessId
GetWindowsDirectoryA
IsBadReadPtr
GetStartupInfoA
GetFileSize
FindFirstFileA
FindClose
ReleaseSemaphore
CreateSemaphoreA
CreateThread
WaitForSingleObject
LocalFree
GetModuleHandleA
GetProcAddress
GetSystemDirectoryA
CreateFileA
GetFileInformationByHandle
GetProcessHeap
HeapAlloc
ReadFile
HeapFree
GetLogicalDriveStringsA
CloseHandle

user32

GetDC
GetActiveWindow
GetWindowTextA
IsWindowVisible
EnumWindows
SendMessageA
BringWindowToTop
SetCursorPos
GetClipboardData
OpenClipboard
FindWindowA
EmptyClipboard
SetClipboardData
CloseClipboard
mouse_event
wsprintfA
ShowWindow
MessageBoxA

gdi32

GetDeviceCaps

advapi32

RegOpenKeyA
SetSecurityInfo
SetEntriesInAclA
GetUserNameA
GetSecurityInfo
RegCloseKey
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
RegDeleteKeyA
RegDeleteValueA
RegOpenKeyExA
RegEnumKeyExA
RegEnumValueA

shell32

SHFileOperationA
ShellExecuteA
FindExecutableA

ws2_32

shutdown
recv
gethostbyname
connect
send
select
WSAStartup
socket
htons
bind
listen
WSACleanup
inet_addr
getsockname
inet_ntoa
gethostname
__WSAFDIsSet
closesocket
accept

msvcrt

strlen
free
sprintf
_strcmpi
rand
malloc
srand
__CxxFrameHandler
_EH_prolog
strstr
strcpy
??3@YAXPAX@Z
_stricmp
??2@YAPAXI@Z
strtok
memset
strcmp
strncpy
atoi
strcat
memcpy

avicap32

capGetDriverDescriptionA

wininet

InternetConnectA
FtpPutFileA
InternetOpenA
InternetOpenUrlA
InternetCloseHandle
InternetReadFile
InternetCheckConnectionA

Sections

.data
Size: 101KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

32298c2a3c67ee9395b65fb80c0b8b83

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ws2_32

msvcrt

avicap32

wininet

Sections

.data Size: 101KB - Virtual size: 100KB

.data
Size: 101KB - Virtual size: 100KB