Static task
static1
Behavioral task
behavioral1
Sample
5d9c10031b51a64164ec5c2c95163d20_JaffaCakes118.exe
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
5d9c10031b51a64164ec5c2c95163d20_JaffaCakes118.exe
Resource
win10v2004-20240709-en
General
Target
5d9c10031b51a64164ec5c2c95163d20_JaffaCakes118
Size
130KB
MD5
5d9c10031b51a64164ec5c2c95163d20
SHA1
43f0e26b49498437222fdc9045bea6cbcc888bc2
SHA256
37c533619416a6ad814780a55ced15798636efedf140d870a12272f042f5a448
SHA512
1d86ec9259dda54a150e958e219086bcb5307dee0b15fc75de245bf3d7f0cb4d550cfc54c763cc828d7d1809cdf4c57fd97162d9623b2bfecf58cd8f2f6f6544
SSDEEP
1536:BthIRClk6J7T/FUA2pDEhQjQSv6z08Px5eEgWyq6yBXtKf94UN5VYj:NB77KhpDEFe6IypyF4UN5VYj
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 5d9c10031b51a64164ec5c2c95163d20_JaffaCakes118
Files
5d9c10031b51a64164ec5c2c95163d20_JaffaCakes118.exe windows:5 windows x86 arch:x86
e2ae2ea1733f8c81032388e23d957446
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetWindowsDirectoryA
GetModuleFileNameA
GetModuleHandleA
ExitProcess
CloseHandle
WriteFile
CreateFileA
GetTempPathA
CreateThread
GetTickCount
ExitThread
GlobalUnlock
GlobalLock
GlobalAlloc
InterlockedDecrement
GetVersionExA
GetLocaleInfoA
lstrcmpiA
ExpandEnvironmentStringsA
GetCurrentDirectoryA
CreateMutexA
SetErrorMode
LocalFree
GetLocaleInfoW
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
GetFileAttributesA
SetFileAttributesA
CopyFileA
GetLastError
Sleep
WriteConsoleA
LoadLibraryA
InitializeCriticalSectionAndSpinCount
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
HeapSize
SetFilePointer
ReadFile
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetCurrentProcessId
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStdHandle
HeapCreate
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InterlockedIncrement
RaiseException
RtlUnwind
HeapAlloc
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
GetCommandLineA
GetStartupInfoA
HeapFree
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
GetCPInfo
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
GetACP
GetOEMCP
IsValidCodePage
VirtualFree
VirtualAlloc
HeapReAlloc
user32
SetClipboardData
OpenClipboard
VkKeyScanA
ShowWindow
SetFocus
SetForegroundWindow
keybd_event
EmptyClipboard
CloseClipboard
advapi32
RegSetValueExA
RegCloseKey
RegCreateKeyExA
shell32
ShellExecuteA
ole32
CoInitialize
CoUninitialize
CoCreateInstance
oleaut32
SysFreeString
SysAllocString
VariantClear
VariantInit
ws2_32
socket
sendto
closesocket
htons
recv
inet_addr
gethostbyname
WSACleanup
WSAStartup
send
select
connect
urlmon
URLDownloadToFileA
shlwapi
PathRemoveFileSpecA
Sections
.text Size: 102KB - Virtual size: 102KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 20KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 436B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ