44386fae02d69bfb7478643ab38606bf_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

44386fae02d69bfb7478643ab38606bf_JaffaCakes118
Size

61KB
MD5

44386fae02d69bfb7478643ab38606bf
SHA1

ac7c7ca497f7a5ed944b069a6c0a5262aba3878d
SHA256

19d45b7ad14c74bbc48cb52f413e4d1ff5e09ae2fdb436d1befe4d2115a126e0
SHA512

47937f18e9cb3d281de2baacb33d61125a5797ba4e19a9d974181e43cc12d59466b34c61a1b3d7a82345056ac32a91723c4a05912a9427f9f2028075166dec7e
SSDEEP

1536:Qjc/gfLB2DqfHwWmaMNxfVofTJKKNU0xzqyjmdpBJ8:IKmUDq4rVxfVoflKbyjmTBC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
44386fae02d69bfb7478643ab38606bf_JaffaCakes118

Files

44386fae02d69bfb7478643ab38606bf_JaffaCakes118
.exe .js windows:5 windows x86 arch:x86 polyglot

53978f52c5e16fb8c8b6e8da1c415ce5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

sprintf
NtQueueApcThread
NtQueryInformationThread
_strnicmp
RtlExitUserThread
RtlDeleteElementGenericTable
RtlLookupElementGenericTable
RtlEnumerateGenericTable
RtlInitializeGenericTable
RtlInsertElementGenericTable
_stricmp
isalpha
tolower
atol
RtlCompareMemory
NtClose
NtOpenSection
NtQueryInformationProcess
_snprintf
strchr
RtlInitUnicodeString
NtMapViewOfSection
_snwprintf
ZwResumeThread
NtUnmapViewOfSection
sscanf
memset
memcpy
_chkstk
_alloca_probe

shlwapi

UrlGetPartA
PathCombineA
StrStrIA
PathFindFileNameA

wininet

InternetConnectA
InternetCrackUrlA
InternetReadFile
InternetSetOptionA
HttpOpenRequestA
HttpSendRequestA
InternetOpenA
HttpQueryInfoA
InternetCloseHandle

psapi

GetProcessImageFileNameA
GetModuleFileNameExA
EnumProcessModules

kernel32

Sleep
QueueUserWorkItem
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
LoadLibraryExA
OpenEventA
CreateEventA
SetEvent
FreeLibrary
VirtualQuery
ExitProcess
GetCurrentProcessId
GetModuleFileNameA
VirtualAllocEx
GetCommandLineA
CreateRemoteThread
lstrcmpiW
lstrcpyA
CreateThread
DeleteFileA
WriteProcessMemory
LocalFree
GetTempPathA
CloseHandle
GetVersionExA
CreateToolhelp32Snapshot
CreateMutexA
GetModuleHandleA
GetSystemInfo
GetExitCodeThread
LocalAlloc
VirtualAlloc
IsBadWritePtr
VirtualProtect
HeapReAlloc
CreateFileA
GetFileSize
lstrcmpA
SetFilePointer
lstrlenA
MapViewOfFile
UnmapViewOfFile
lstrcpynA
SetEndOfFile
HeapAlloc
GetCurrentProcess
HeapFree
Process32First
WaitForSingleObject
GetTickCount
VirtualFree
GetProcessHeap
VirtualQueryEx
WriteFile
OpenProcess
CreateFileMappingA
ReadProcessMemory
CreateProcessA
ReadFile
lstrcatA
FlushInstructionCache
GetLastError
lstrcmpiA
GetProcAddress
GetTempFileNameA
LoadLibraryA
OpenMutexA
Process32Next

user32

SetWindowLongA
GetWindowLongA
FindWindowA
GetForegroundWindow
SendNotifyMessageA

advapi32

RegCreateKeyExA
RegSetValueExA
RegCloseKey
AdjustTokenPrivileges
OpenProcessToken
RegOpenKeyExA
LookupPrivilegeValueA
RegQueryValueExA
GetTokenInformation
GetSidSubAuthorityCount
GetSidSubAuthority

shell32

ShellExecuteExA
SHGetFolderPathA

Exports

Exports

CmdRunExeUrl
CmdSendLogs
CmdUpdateMain
CmdUpdateOption
InjectApcRoutine
InjectNormalRoutine
InjectedShellCodeEnd
InjectedShellCodeStart

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.cfg
Size: 25KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

53978f52c5e16fb8c8b6e8da1c415ce5

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

shlwapi

wininet

psapi

kernel32

user32

advapi32

shell32

Exports

Exports

Sections

.text Size: 24KB - Virtual size: 23KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 1024B - Virtual size: 4KB

.reloc Size: 2KB - Virtual size: 1KB

.cfg Size: 25KB - Virtual size: 28KB

.text
Size: 24KB - Virtual size: 23KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 1024B - Virtual size: 4KB

.reloc
Size: 2KB - Virtual size: 1KB

.cfg
Size: 25KB - Virtual size: 28KB