C:\Users\Shiva\documents\visual studio 2010\Projects\Shiva Stealer\Release\Stealer.pdb
Static task: static1
Behavioral task: behavioral1
Sample: 5e6ba19e634bfc50c07c27db72ffdd9e_JaffaCakes118.exe
Resource: win7-20240704-en
General
Target: 5e6ba19e634bfc50c07c27db72ffdd9e_JaffaCakes118
Size: 1.4MB
MD5: 5e6ba19e634bfc50c07c27db72ffdd9e
SHA1: c5b1e895f7ea18c3d8b0f358039ab03af0734de3
SHA256: afa0825c129abb684ffff6c4fdb73aac4682f9704b638a267b9a590b88d864c3
SHA512: a0b90a7218a54ad6d260e8a2006a30b8d24d2695d8f79675411174ae9cc8756d3e1c9f9e45369b654266b3069321ef43e50caf16a862691e30bb04eb9d131bf3
SSDEEP: 24576:CRcGp+EV/WlQnDZJfbaCTPE/JCo8NAti+/Dbx8nJ67EhEGEmUc8pGwk+ktvqh:CRGE/TnDDfUXGC3Lbx8nGE92c8pGZ9ty
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource: 5e6ba19e634bfc50c07c27db72ffdd9e_JaffaCakes118
Files
5e6ba19e634bfc50c07c27db72ffdd9e_JaffaCakes118.exe windows:5 windows x86 arch:x86
69768e471d84e65cefe2e2142a1193b8
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
CreateFileA
GetFileSize
SetFilePointer
MapViewOfFile
UnmapViewOfFile
SetEndOfFile
QueryPerformanceCounter
InterlockedCompareExchange
UnlockFile
LockFile
GetTickCount
UnlockFileEx
GetSystemTimeAsFileTime
FormatMessageA
WriteFile
InitializeCriticalSection
WideCharToMultiByte
LoadLibraryW
Sleep
FormatMessageW
LeaveCriticalSection
GetFileAttributesW
ReadFile
CreateFileW
MultiByteToWideChar
FlushFileBuffers
GetTempPathW
GetLastError
GetFullPathNameA
EnterCriticalSection
GetDiskFreeSpaceW
CreateFileMappingA
GetDiskFreeSpaceA
GetSystemInfo
GetFileAttributesExW
DeleteCriticalSection
GetVersionExA
DeleteFileW
GetCurrentProcessId
GetTempPathA
GetSystemTime
AreFileApisANSI
DeleteFileA
SetConsoleMode
GetFullPathNameW
WriteProcessMemory
CloseHandle
DuplicateHandle
GetModuleHandleA
GetModuleFileNameA
VirtualAllocEx
CreateProcessA
CreateRemoteThread
GetCurrentProcess
FreeLibrary
CreateMutexA
LockResource
ReadConsoleInputA
GetDriveTypeW
GetCurrentDirectoryW
PeekNamedPipe
GetFileInformationByHandle
OpenMutexA
FreeConsole
FindFirstFileExA
GetDriveTypeA
FileTimeToLocalFileTime
FileTimeToSystemTime
SizeofResource
LoadResource
FindResourceA
LocalFree
lstrcpyA
LoadLibraryA
GetPrivateProfileStringA
GetProcAddress
SetCurrentDirectoryA
lstrcatA
lstrlenA
OutputDebugStringA
LockFileEx
GetFileAttributesA
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
GetStringTypeW
EncodePointer
DecodePointer
GetLocaleInfoW
HeapFree
HeapAlloc
HeapReAlloc
GetCommandLineA
HeapSetInformation
RaiseException
RtlUnwind
LCMapStringW
GetCPInfo
GetTimeFormatA
GetDateFormatA
CompareStringW
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
SetLastError
GetCurrentThreadId
HeapSize
ExitProcess
InitializeCriticalSectionAndSpinCount
GetTimeZoneInformation
HeapCreate
GetStdHandle
GetModuleFileNameW
SetHandleCount
GetFileType
GetStartupInfoW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetConsoleCP
GetConsoleMode
SetConsoleCtrlHandler
SetStdHandle
WriteConsoleW
GetProcessHeap
SetEnvironmentVariableA
GetVersion
FindClose
GlobalMemoryStatus
FlushConsoleInputBuffer
user32
MessageBoxA
GetDesktopWindow
GetProcessWindowStation
wsprintfA
GetUserObjectInformationW
advapi32
RegQueryValueExA
RegEnumKeyExA
RegOpenKeyExA
RegQueryInfoKeyA
RegCloseKey
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextA
CryptCreateHash
RegEnumValueA
DeregisterEventSource
ReportEventA
RegisterEventSourceA
CryptHashData
CryptDestroyHash
shell32
SHGetSpecialFolderPathA
ole32
CoInitialize
CoUninitialize
CoCreateInstance
crypt32
CryptUnprotectData
ws2_32
connect
inet_ntoa
WSAStartup
select
WSAGetLastError
htons
gethostname
recv
socket
getservbyname
shutdown
WSASetLastError
__WSAFDIsSet
closesocket
gethostbyname
send
ioctlsocket
getpeername
WSACleanup
inet_addr
Sections
.text Size: 1.0MB - Virtual size: 1.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 202KB - Virtual size: 202KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 69KB - Virtual size: 87KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 59KB - Virtual size: 58KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ