5a5b0bbb5852cd95ac123e1c0b724641_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

5a5b0bbb5852cd95ac123e1c0b724641_JaffaCakes118
Size

1.5MB
MD5

5a5b0bbb5852cd95ac123e1c0b724641
SHA1

f76a839d18bbc0c3dead6bfd625377d9ce71c87c
SHA256

2d94aef114bb02fdc3f74c5e8429c6746b7ec289de98e5259ff2a63153c9e63d
SHA512

c570a1e1b2a0bdbb483acdf1dfd22f6897f68d0a45b19965ffa40191b975b12760ef9f6d440a09a4d8b6903fb9a21154184b87d2072bb4b10b19d8c5a49b5fd1
SSDEEP

24576:mlk/z2taIFK45TrftaP1wAzVq2yCrPzJ7GQ9LzaTR8HT:mlkcL0QKyizpGQ9L2TR8z

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5a5b0bbb5852cd95ac123e1c0b724641_JaffaCakes118

Files

5a5b0bbb5852cd95ac123e1c0b724641_JaffaCakes118
.exe windows:5 windows x86 arch:x86

729b2f01836ae5f388fec5fb46f407f0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

InternetGetConnectedState
HttpSendRequestW
InternetSetOptionW
HttpOpenRequestW
InternetConnectW
InternetOpenW
InternetCloseHandle

iphlpapi

GetAdaptersInfo

sensapi

IsNetworkAlive

netapi32

Netbios

kernel32

GetSystemTimeAsFileTime
GetTickCount
DuplicateHandle
GetCurrentThread
WideCharToMultiByte
GetTempPathW
GetSystemDirectoryW
GetVersionExW
VerifyVersionInfoW
VerSetConditionMask
GetSystemTime
GetLocaleInfoW
GetSystemDefaultLCID
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
TerminateProcess
OpenProcess
GetSystemInfo
LoadLibraryW
CreateProcessW
FormatMessageW
OutputDebugStringA
DeviceIoControl
CreateFileA
GetModuleFileNameA
DeleteFileW
RemoveDirectoryW
FindNextFileW
FindFirstFileW
CreateDirectoryW
ReadFile
SetFilePointer
GetFileSize
GetDriveTypeW
GetFileSizeEx
MoveFileExW
CopyFileW
GetFileAttributesW
GetFullPathNameW
GetLongPathNameW
GetShortPathNameW
QueryDosDeviceW
GetLogicalDriveStringsW
WriteFile
FindClose
lstrlenA
Sleep
InterlockedCompareExchange
AreFileApisANSI
SetEndOfFile
FlushFileBuffers
UnlockFile
LockFile
GetFileAttributesA
DeleteFileA
LoadLibraryA
QueryPerformanceCounter
FlushInstructionCache
LockFileEx
GetTempPathA
FormatMessageA
GetFullPathNameA
GetDiskFreeSpaceA
GetDiskFreeSpaceW
GetConsoleCP
GetStdHandle
ExitProcess
HeapCreate
CreateThread
ExitThread
GetStringTypeW
ReleaseSemaphore
GetStartupInfoW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlUnwind
CreateWaitableTimerA
SetWaitableTimer
SystemTimeToFileTime
ResumeThread
TlsSetValue
CreateMutexA
TlsGetValue
TlsFree
TlsAlloc
ReleaseMutex
LCMapStringW
LCMapStringA
GetStringTypeExA
GetUserDefaultLCID
HeapSize
HeapReAlloc
HeapDestroy
VirtualAlloc
VirtualFree
GetACP
IsProcessorFeaturePresent
InterlockedExchange
IsValidCodePage
GetTimeFormatA
GetDateFormatA
CreateSemaphoreA
LocalFree
PulseEvent
GetTimeZoneInformation
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
InitializeCriticalSectionAndSpinCount
WriteConsoleA
GetConsoleOutputCP
SetLastError
CreateEventA
SetEvent
WaitForMultipleObjects
ResetEvent
GetPrivateProfileStringW
HeapFree
GetProcessHeap
HeapAlloc
WaitForSingleObject
FindResourceExW
LockResource
FindCloseChangeNotification
CreateFileW
GetFileTime
FindFirstChangeNotificationW
OpenEventW
FindNextChangeNotification
GetProcAddress
lstrcmpiW
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
FreeLibrary
InitializeCriticalSection
GetLastError
lstrlenW
GetModuleFileNameW
GetModuleHandleW
InterlockedDecrement
InterlockedIncrement
LeaveCriticalSection
EnterCriticalSection
RaiseException
DeleteCriticalSection
GetCurrentThreadId
CloseHandle
CreateEventW
GetConsoleMode
SetHandleCount
GetFileType
GetStartupInfoA
GetCPInfo
GetCurrentProcess
WriteConsoleW
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetModuleHandleA
GetCurrentProcessId
GetOEMCP

user32

GetClassInfoExW
LoadStringA
PostQuitMessage
FindWindowW
SetPropW
DispatchMessageW
TranslateMessage
GetMessageW
DispatchMessageA
GetMessageA
IsWindowUnicode
CreateWindowExW
PtInRect
ReleaseDC
GetDC
EndPaint
BeginPaint
PeekMessageW
GetParent
RedrawWindow
SetWindowPos
DrawTextW
LoadCursorW
SetCursor
GetSysColor
GetClientRect
GetWindowRect
MoveWindow
FillRect
SetLayeredWindowAttributes
SystemParametersInfoW
GetActiveWindow
LoadStringW
CopyRect
GetDlgItem
GetTopWindow
ChildWindowFromPoint
KillTimer
SetTimer
ShowWindow
ScreenToClient
SetWindowTextW
SendMessageW
DialogBoxParamW
EndDialog
LoadBitmapW
GetCursorPos
TrackMouseEvent
GetSystemMetrics
LoadImageW
CharNextW
GetWindowLongW
SetWindowLongW
DestroyWindow
CallWindowProcW
DefWindowProcW
MsgWaitForMultipleObjects
GetGUIThreadInfo
IsWindow
UnregisterClassA
InvalidateRect
RegisterClassExW

gdi32

SetTextColor
GetTextMetricsW
GetStockObject
CreateCompatibleBitmap
BitBlt
SelectObject
CreateFontIndirectW
GetObjectW
SetBkMode
DeleteDC
CreatePatternBrush
CreateSolidBrush
DeleteObject
CreateCompatibleDC

advapi32

SaferCloseLevel
CreateProcessAsUserW
GetSidSubAuthorityCount
GetUserNameW
GetSidLengthRequired
InitializeSid
GetSidSubAuthority
CopySid
IsValidSid
ConvertSidToStringSidW
GetTokenInformation
GetLengthSid
InitializeAcl
AddAce
GetSecurityInfo
GetAclInformation
GetAce
DeleteAce
SetSecurityInfo
OpenThreadToken
OpenProcessToken
RegEnumKeyW
RegEnumValueW
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegNotifyChangeKeyValue
RegQueryValueExW
RegQueryInfoKeyW
RegSetValueExW
RegEnumKeyExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
SaferComputeTokenFromLevel
SaferCreateLevel
SetTokenInformation

shell32

ShellExecuteExW
SHFileOperationW
SHGetSpecialFolderPathW

ole32

CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstance
CoInitialize
CoUninitialize
CLSIDFromString
StringFromGUID2
StringFromIID
CoCreateGuid
CoSetProxyBlanket
CoTaskMemFree

oleaut32

VariantTimeToSystemTime
VarUdateFromDate
SysFreeString
VarUI4FromStr
SysAllocString
VariantInit
VariantClear
SystemTimeToVariantTime

shlwapi

PathRemoveFileSpecW
SHCopyKeyW

comctl32

InitCommonControlsEx
_TrackMouseEvent

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 155KB - Virtual size: 155KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 28KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 276KB - Virtual size: 280KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

729b2f01836ae5f388fec5fb46f407f0

Headers

DLL Characteristics

File Characteristics

Imports

wininet

iphlpapi

sensapi

netapi32

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 155KB - Virtual size: 155KB

.data Size: 28KB - Virtual size: 42KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 276KB - Virtual size: 280KB

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 155KB - Virtual size: 155KB

.data
Size: 28KB - Virtual size: 42KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 276KB - Virtual size: 280KB