482d629cfd921b3217f7d14c307025f8_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

482d629cfd921b3217f7d14c307025f8_JaffaCakes118
Size

376KB
MD5

482d629cfd921b3217f7d14c307025f8
SHA1

607c37c08e9758dcdba32cb5a95ef84938efc39d
SHA256

1b5ad99dca1796a210340b2f544fd89ae3f18c73658c8ac4bd4dd85181139725
SHA512

a33517ff1feb3a08db36eefd62d19223b13ddc0aaf574e7ecd4ed876f79bcaaa4e3ab41517a4dd5eddc4ab8fcba81a0e645d80df77cd7bb68ae218a8e729ef8e
SSDEEP

6144:ndOApXUez8ZL33VveOhwtQXGQOJVIvzBWurIvzsc:nAApXIz3VGYdTOJVIvzAu7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
482d629cfd921b3217f7d14c307025f8_JaffaCakes118

Files

482d629cfd921b3217f7d14c307025f8_JaffaCakes118
.exe windows:4 windows x86 arch:x86

123d294ab47d133dd6b8bf984f44fd57

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathFileExistsA
SHDeleteValueA
SHDeleteKeyA
SHGetValueA
wnsprintfA
SHSetValueA
PathAppendA

kernel32

GetTickCount
InterlockedDecrement
lstrlenA
MoveFileA
InterlockedIncrement
DebugBreak
OutputDebugStringA
GetTempPathA
RemoveDirectoryA
CreateDirectoryA
CopyFileA
GetPrivateProfileIntA
GetPrivateProfileStringA
GetTempFileNameA
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
ExitProcess
InitializeCriticalSection
HeapDestroy
DeleteCriticalSection
VirtualFree
CloseHandle
VirtualAlloc
SetFilePointer
ReadFile
GetFileSize
CreateFileA
WriteFile
IsBadReadPtr
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetVersionExA
Process32Next
Process32First
CreateToolhelp32Snapshot
GetCurrentProcess
SizeofResource
LockResource
AllocConsole
FindResourceA
DeviceIoControl
FreeLibrary
GetFileAttributesExA
TerminateProcess
GetDriveTypeA
GetLogicalDrives
WaitForSingleObject
CreateProcessA
OpenMutexA
GetCommandLineA
FreeResource
WritePrivateProfileStringA
CreateThread
LoadLibraryW
MultiByteToWideChar
IsBadCodePtr
SetUnhandledExceptionFilter
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
SetConsoleTitleA
GetStdHandle
GetConsoleScreenBufferInfo
SetConsoleScreenBufferSize
GetConsoleWindow
Sleep
FreeConsole
GetModuleFileNameA
LoadLibraryA
GetProcAddress
ExpandEnvironmentStringsA
GetWindowsDirectoryA
GetSystemDirectoryA
FindFirstFileA
FindNextFileA
FindClose
DeleteFileA
SetFileAttributesA
MoveFileExA
GetFileAttributesA
GetLastError
LocalFree
GetExitCodeProcess
CompareStringA
CompareStringW
SetEnvironmentVariableA
SetEndOfFile
UnhandledExceptionFilter
HeapSize
IsBadWritePtr
HeapReAlloc
HeapCreate
GetEnvironmentVariableA
LCMapStringW
LoadResource
LCMapStringA
WideCharToMultiByte
GetStringTypeW
GetStringTypeA
SetHandleCount
FlushFileBuffers
GetOEMCP
GetACP
GetCPInfo
SetLastError
TlsAlloc
RaiseException
GetVersion
GetStartupInfoA
GetModuleHandleA
TlsGetValue
TlsSetValue
InterlockedExchange
RtlUnwind
SetStdHandle
GetFileType
HeapFree
HeapAlloc

user32

SetActiveWindow
LoadStringA
MessageBoxA
wvsprintfA
GetActiveWindow
SetForegroundWindow
CharNextA
DestroyWindow
DefWindowProcA
ExitWindowsEx

advapi32

SetNamedSecurityInfoA
QueryServiceStatus
StartServiceA
CreateServiceA
OpenSCManagerA
OpenServiceA
CloseServiceHandle
RegFlushKey
RegCreateKeyExA
RegQueryInfoKeyA
RegSetValueExA
RegLoadKeyA
RegUnLoadKeyA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegEnumKeyA
RegQueryValueExA
RegEnumValueA
RegOpenKeyExA
RegCloseKey
GetUserNameA
GetNamedSecurityInfoA
BuildExplicitAccessWithNameA
SetEntriesInAclA
GetExplicitEntriesFromAclA
DeleteAce

shell32

SHGetSpecialFolderPathA
ShellExecuteA

ole32

CoInitialize
CoUninitialize

comctl32

InitCommonControlsEx

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

urlmon

URLDownloadToFileA

netapi32

Netbios

wininet

HttpOpenRequestA
HttpSendRequestA
InternetCloseHandle
InternetConnectA
InternetOpenA

Sections

.text
Size: 96KB - Virtual size: 93KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 237KB - Virtual size: 316KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

123d294ab47d133dd6b8bf984f44fd57

Headers

File Characteristics

Imports

shlwapi

kernel32

user32

advapi32

shell32

ole32

comctl32

version

urlmon

netapi32

wininet

Sections

.text Size: 96KB - Virtual size: 93KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 24KB - Virtual size: 35KB

.rsrc Size: 237KB - Virtual size: 316KB

.text
Size: 96KB - Virtual size: 93KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 24KB - Virtual size: 35KB

.rsrc
Size: 237KB - Virtual size: 316KB