55c2663cfb4eb03f1e7d298fe4504d1a_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

55c2663cfb4eb03f1e7d298fe4504d1a_JaffaCakes118
Size

282KB
MD5

55c2663cfb4eb03f1e7d298fe4504d1a
SHA1

61b2c80c8c8dd4935fa7cbfdcbecccd13b38bf12
SHA256

c9fe44239070bb2a048ea3c044471112f340049cacb87522de5adbc74d687bb2
SHA512

03a5b1e6f74da5d52342f910f66e000c1d7d37f52a59432f6cc1ba18020c907504260fd77070378348359fb0de5311edecb554ff17623d410915315f26a61399
SSDEEP

6144:CVl2IPffs2yJp8qTBqjMt26SMZ8FpD95qqDLuHzE1Q:sTDyJGqTsjMt2TM8FpD90qnuTEa

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
55c2663cfb4eb03f1e7d298fe4504d1a_JaffaCakes118

Files

55c2663cfb4eb03f1e7d298fe4504d1a_JaffaCakes118
.exe windows:5 windows x86 arch:x86

1c7f95ec57b3917a7f584accbb6dedb4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

_vsnprintf
_stricmp
strchr
strtoul
_strnicmp
memmove
wcscmp
wcsncat
tolower
isspace
isprint
_wcsicmp
strcmp
memcmp
_wcsnicmp
wcslen
wcsstr
strncmp
_chkstk
strlen
atoi
memcpy
memset
_alldiv

ws2_32

connect
closesocket
send
WSACleanup
WSAStartup
socket
htons
bind
listen
getaddrinfo
freeaddrinfo
select
WSASetLastError
accept
shutdown
WSAIoctl
WSAStringToAddressW
WSAGetLastError
setsockopt
recv
recvfrom
sendto
getpeername
ioctlsocket
__WSAFDIsSet
inet_addr
getsockname

kernel32

QueryPerformanceCounter
InterlockedDecrement
InterlockedIncrement
GetProcessTimes
UnregisterWait
IsWow64Process
OpenProcess
WideCharToMultiByte
CreateEventA
RegisterWaitForSingleObject
OpenEventA
CreateMutexA
QueryPerformanceFrequency
GetVersionExA
WriteProcessMemory
GlobalFindAtomW
lstrcmpA
GetProcessHandleCount
VirtualProtectEx
GetNativeSystemInfo
GetVersionExW
LoadLibraryW
RemoveDirectoryW
Sleep
GetCurrentThread
CloseHandle
CreateThread
lstrcpynA
lstrlenA
TerminateThread
ExitProcess
GetLastError
DeleteFileW
FindClose
FindNextFileW
lstrcmpW
FindFirstFileW
GetPrivateProfileStringW
GetPrivateProfileIntW
ExpandEnvironmentStringsW
GetModuleHandleA
GetTickCount
lstrlenW
SetLastError
lstrcatW
lstrcpynW
DeleteCriticalSection
ExitThread
ResetEvent
LeaveCriticalSection
EnterCriticalSection
WaitForSingleObject
SetEvent
CreateEventW
InitializeCriticalSection
HeapReAlloc
HeapAlloc
GetProcessHeap
HeapFree
ResumeThread
CreateProcessW
CreateFileW
WriteFile
SetFilePointer
SetEndOfFile
ReadFile
GetFileSize
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetCurrentProcessId
GetCurrentProcess
ReadProcessMemory
GetModuleHandleW
CreateRemoteThread
lstrcmpiW
LocalFree
LocalAlloc
GetModuleFileNameW
TerminateProcess
SetFileAttributesW
VirtualQuery
GetProcAddress
LoadLibraryA
VirtualFreeEx
VirtualAllocEx
Process32Next
Process32First
DeviceIoControl
CreateFileA
VirtualFree
CreateProcessA
VirtualAlloc
ReleaseMutex
OpenMutexW
CreateMutexW
CopyFileW
DuplicateHandle

shlwapi

PathCombineA
StrChrA

user32

CreateDesktopA
OpenDesktopA
CloseWindowStation
SetThreadDesktop
CloseDesktop
CreateWindowStationW
IsWindow
VkKeyScanA
CharNextA
SetProcessWindowStation
SendInput
SetCursorPos

advapi32

AdjustTokenPrivileges
OpenProcessToken
GetSidSubAuthority
GetSidSubAuthorityCount
GetTokenInformation
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
ConvertSidToStringSidA
RegNotifyChangeKeyValue
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
InitializeSecurityDescriptor
InitializeSid
GetSidLengthRequired
LookupPrivilegeValueW

shell32

SHGetFolderPathW
ShellExecuteExW
SHFileOperationW
SHGetFolderPathAndSubDirW

ole32

CoInitialize
CoUninitialize
CoCreateGuid
StringFromGUID2
CoCreateInstance

Sections

.text
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 57KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1c7f95ec57b3917a7f584accbb6dedb4

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

ws2_32

kernel32

shlwapi

user32

advapi32

shell32

ole32

Sections

.text Size: 96KB - Virtual size: 96KB

.rdata Size: 120KB - Virtual size: 120KB

.data Size: 57KB - Virtual size: 68KB

.CRT Size: 512B - Virtual size: 16B

.reloc Size: 6KB - Virtual size: 6KB

.text
Size: 96KB - Virtual size: 96KB

.rdata
Size: 120KB - Virtual size: 120KB

.data
Size: 57KB - Virtual size: 68KB

.CRT
Size: 512B - Virtual size: 16B

.reloc
Size: 6KB - Virtual size: 6KB