Static task: static1
Behavioral task: behavioral1
Sample: 4128e7521acfac1cf25a0d02d17deef6_JaffaCakes118.exe
Resource: win7-20240705-en
Behavioral task: behavioral2
Sample: 4128e7521acfac1cf25a0d02d17deef6_JaffaCakes118.exe
Resource: win10v2004-20240709-en
General
Target: 4128e7521acfac1cf25a0d02d17deef6_JaffaCakes118
Size: 132KB
MD5: 4128e7521acfac1cf25a0d02d17deef6
SHA1: 0b62558be5c333fbd8d88bacdfa06cf28b9d093a
SHA256: f29dd7d6404cfaefc546e38290153247c94cbaf4e22b6336a198da2f60c137d4
SHA512: fce1cfa9dbbf1ea4f4f2f7b7551dc29c950024b20ab86b7f4601abc73e97156d4c296b1788adf46015d2decfa5b43aa288f3282a6f16e5b263f9abafc7497168
SSDEEP: 1536:5oRE1PcTRvCSiX7taJQLvvCTKFuAwtq/5RxB8JE1npco1z5FHy8EU:2E5cTJiLMQLno6Xw23L8G/1z5FHy8
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 4128e7521acfac1cf25a0d02d17deef6_JaffaCakes118
Files
4128e7521acfac1cf25a0d02d17deef6_JaffaCakes118.exe windows:5 windows x86 arch:x86
f92dae381963b2d059a4034828d04248
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
wininet
InternetOpenA
InternetReadFile
InternetOpenUrlA
kernel32
CreateToolhelp32Snapshot
CloseHandle
lstrcpynA
GetCurrentProcess
WaitForSingleObject
GetTickCount
IsBadReadPtr
CreateRemoteThread
InitializeCriticalSection
OpenProcess
LeaveCriticalSection
ExitThread
GetProcAddress
VirtualAlloc
EnterCriticalSection
VirtualAllocEx
LoadLibraryA
OpenMutexA
IsWow64Process
GetModuleHandleA
CreateMutexA
VirtualProtect
GetCurrentProcessId
WriteProcessMemory
CreateThread
lstrcpyA
HeapReAlloc
GetModuleFileNameA
HeapAlloc
GetProcessHeap
ExitProcess
SetPriorityClass
MoveFileExA
GetCurrentThread
SetProcessPriorityBoost
GetFileAttributesA
GetEnvironmentVariableA
SetThreadPriority
GetShortPathNameA
TryEnterCriticalSection
HeapFree
WideCharToMultiByte
lstrcatA
lstrcmpA
IsBadWritePtr
GetProcessId
Module32First
Module32Next
GetLocaleInfoA
Process32Next
Sleep
Process32First
GetComputerNameA
lstrlenA
GetStringTypeW
GetStringTypeA
InitializeCriticalSectionAndSpinCount
SetEnvironmentVariableA
CompareStringW
GetCommandLineA
GetStartupInfoA
RaiseException
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetLastError
GetModuleHandleW
DeleteCriticalSection
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
LCMapStringA
MultiByteToWideChar
LCMapStringW
HeapSize
WriteFile
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapCreate
VirtualFree
QueryPerformanceCounter
GetSystemTimeAsFileTime
CompareStringA
user32
wsprintfA
FindWindowA
advapi32
RegOpenKeyExA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
GetUserNameA
RegQueryValueExA
shell32
SHChangeNotify
ShellExecuteExA
ntdll
RtlUnwind
Sections
.text Size: 94KB - Virtual size: 93KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 22KB - Virtual size: 21KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 1.0MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ