Static task: static1
Behavioral task: behavioral1
Sample: 44fd2aea4727d73e4af7d75658925cf2_JaffaCakes118.exe
Resource: win7-20240708-en
Behavioral task: behavioral2
Sample: 44fd2aea4727d73e4af7d75658925cf2_JaffaCakes118.exe
Resource: win10v2004-20240709-en
General
Target: 44fd2aea4727d73e4af7d75658925cf2_JaffaCakes118
Size: 443KB
MD5: 44fd2aea4727d73e4af7d75658925cf2
SHA1: 38d4eebefad63574338f366fc8bc8bab474593c5
SHA256: b16f2ce07d683520fa940cb21a60d9537c4ac41dadd962cc974445ced1033e8b
SHA512: 9f2c354fabc77b23d95af9fe0959c6050d9435f3bdd1070ca432ec3eadcf2e214f1622180cb9b5d459a964ebd9b1e942f2bca85ed5f4a41add144b2439442acf
SSDEEP: 12288:SUcrGRL1pNCYQNU7iR7i4jKumnltCtxAkiEpm5zYChvWGAvgy/pMH8OX3zNUW:SXrGB7N3Epm5xhOzgOMHBnzN
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 44fd2aea4727d73e4af7d75658925cf2_JaffaCakes118
Files
44fd2aea4727d73e4af7d75658925cf2_JaffaCakes118.exe windows:5 windows x86 arch:x86
86bded29f95846e27e1e57887d516fe9
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
CreateEventA
LocalAlloc
CreateDirectoryA
SetCurrentDirectoryA
DeleteFileA
TerminateProcess
CreatePipe
WaitForMultipleObjects
ReleaseMutex
CreateMutexA
CreateMutexW
LocalFree
OpenEventA
GetCommandLineA
lstrcmpiA
lstrlenA
FlushViewOfFile
WinExec
FileTimeToSystemTime
InterlockedDecrement
TerminateThread
GetShortPathNameA
GetFullPathNameA
PeekNamedPipe
GetLastError
Sleep
GetStartupInfoA
CreateProcessA
GetSystemTime
GetLocalTime
SystemTimeToFileTime
CompareFileTime
CreateWaitableTimerA
SetWaitableTimer
WaitForSingleObject
GetModuleHandleW
ExitThread
GetFileSize
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
CreateFileA
SetFilePointer
ReadFile
GetCurrentDirectoryA
CloseHandle
FlushFileBuffers
WriteFile
SetEndOfFile
GetSystemDirectoryA
LoadLibraryA
FreeLibrary
GetProcAddress
CopyFileW
CreateThread
SetEvent
GetModuleFileNameA
MoveFileExW
GetFileTime
SetFileTime
CopyFileExW
GetVersion
MoveFileW
GetModuleFileNameW
GetVolumeInformationW
FileTimeToLocalFileTime
GetDiskFreeSpaceW
GetVolumePathNameW
OpenProcess
SetLocalTime
GetDateFormatW
SetFileAttributesW
DeleteFileW
RemoveDirectoryW
CreateDirectoryW
GetFullPathNameW
GetConsoleScreenBufferInfo
FormatMessageW
SetCurrentDirectoryW
GetTempPathW
GetExitCodeProcess
LoadLibraryW
CreateProcessW
GetEnvironmentVariableW
FindNextFileW
FindClose
GetFileAttributesW
FindFirstFileW
GetCurrentDirectoryW
GetLocaleInfoW
HeapSize
GetDriveTypeA
GetProcessHeap
GetLocaleInfoA
GetSystemInfo
GetModuleHandleA
GetVersionExA
HeapAlloc
HeapFree
HeapReAlloc
GetSystemTimeAsFileTime
MultiByteToWideChar
RtlUnwind
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualFree
VirtualAlloc
HeapCreate
ExitProcess
GetStdHandle
GetCPInfo
InterlockedIncrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
SetStdHandle
GetFileType
SetHandleCount
CreateFileW
LCMapStringA
LCMapStringW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
RaiseException
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
InitializeCriticalSectionAndSpinCount
GetStringTypeA
GetStringTypeW
advapi32
RegCloseKey
SetSecurityDescriptorDacl
OpenProcessToken
GetTokenInformation
LookupPrivilegeValueW
LookupAccountSidW
GetSecurityDescriptorOwner
IsValidSid
AdjustTokenPrivileges
GetFileSecurityW
RegSetValueExW
RegSetValueExA
RegCreateKeyExA
RegQueryValueExA
RegDeleteValueA
RegOpenKeyExA
FreeSid
RegisterServiceCtrlHandlerA
ControlService
DeleteService
SetServiceStatus
OpenSCManagerA
GetServiceDisplayNameA
StartServiceCtrlDispatcherA
OpenServiceA
StartServiceA
CloseServiceHandle
CheckTokenMembership
GetUserNameA
AllocateAndInitializeSid
InitializeSecurityDescriptor
ole32
CoCreateInstance
CoInitializeEx
CoUninitialize
CoCreateGuid
oleaut32
VariantClear
SysAllocString
SysAllocStringByteLen
SysStringLen
SysFreeString
iphlpapi
GetAdaptersInfo
GetAdaptersAddresses
shlwapi
PathFileExistsW
StrRChrIW
PathIsRelativeA
PathFileExistsA
SHDeleteKeyA
PathIsFileSpecW
PathIsSameRootW
PathRemoveFileSpecW
ws2_32
ntohs
getservbyport
gethostbyaddr
socket
getservbyname
WSASetLastError
inet_ntoa
gethostbyname
getnameinfo
inet_addr
connect
closesocket
shutdown
send
setsockopt
WSAStartup
recv
select
gethostname
bind
WSACleanup
htonl
getsockname
accept
__WSAFDIsSet
listen
recvfrom
WSAIoctl
sendto
htons
WSAGetLastError
wtsapi32
WTSFreeMemory
WTSEnumerateProcessesW
user32
GetSystemMetrics
GetUserObjectSecurity
Sections
.text Size: 376KB - Virtual size: 375KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 26KB - Virtual size: 25KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 23KB - Virtual size: 38KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 15KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ