5ed7413de7c3c34c4793ad0e2e8e02df_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

5ed7413de7c3c34c4793ad0e2e8e02df_JaffaCakes118
Size

315KB
MD5

5ed7413de7c3c34c4793ad0e2e8e02df
SHA1

37f8121de41e41124107c160be80596be3c399ca
SHA256

b35cef1f256694b305f0846b09426a9fc4829e68f3ca9e454dc092c60b49384d
SHA512

aab8faea1c926c3473304e828452830d9ffccdb61aea8d81900c3d441d8029c761651e5f1fba2a765af928a44cdf1fddca862b03908ce03a0669bdae3886bd53
SSDEEP

6144:Ch2lx9G21uua4MDrnA767Xy05dggcgzJClYfKOw1u6yk2/IKx1GfS:CwlxZCPnA7nIdggcgF+Yfk1ui2/ILK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5ed7413de7c3c34c4793ad0e2e8e02df_JaffaCakes118

Files

5ed7413de7c3c34c4793ad0e2e8e02df_JaffaCakes118
.exe windows:5 windows x86 arch:x86

a031b4036f13588e4fcfeae46d954fbd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_wcsicmp
strlen
wcstoul
wcscpy
memcpy
memset
wcspbrk
_wcsnicmp
wcstok
swprintf
_adjust_fdiv
_initterm
free
wcscmp
memmove
wcschr
wcslen
malloc
sprintf
wcsspn
iswdigit

ntdll

NtRemoveIoCompletion
RtlFreeUnicodeString
NtFlushBuffersFile
RtlStringFromGUID
RtlGUIDFromString
RtlInitUnicodeString

advapi32

RegEnumValueW
OpenServiceW
RegQueryValueExA
CloseServiceHandle
ControlService
RegOpenKeyExW
RegEnumKeyExW
RegDeleteKeyW
RegCloseKey
RegDeleteValueW
RegSetValueExW
RegQueryValueExW
RegCreateKeyExW
RegOpenKeyExA
RegQueryInfoKeyA
RegCreateKeyExA
OpenSCManagerW

kernel32

HeapFree
GetProcessHeap
TlsAlloc
DeleteCriticalSection
HeapAlloc
SetFilePointer
LoadLibraryA
GlobalMemoryStatusEx
CreateFileW
GetWindowsDirectoryW
UnhandledExceptionFilter
LoadLibraryW
TlsGetValue
GetModuleHandleW
OpenSemaphoreA
SetEvent
CreateThread
SetUnhandledExceptionFilter
MultiByteToWideChar
GetSystemDefaultLangID
LoadLibraryExW
GetLogicalDrives
DisableThreadLibraryCalls
OpenSemaphoreW
GetUserDefaultLCID
GetStartupInfoA
FindResourceW
CreateEventW
HeapCreate
FormatMessageW
CreateMutexW
LocalAlloc
InterlockedDecrement
InterlockedIncrement
CloseHandle
GetUserDefaultLangID
CreateSemaphoreA
WriteFile
VirtualAlloc
FindNextFileA
HeapDestroy
lstrlenW
ReadFile
GetOEMCP
FindResourceExA
AreFileApisANSI
TlsSetValue
WaitForSingleObjectEx
ExpandEnvironmentStringsW
FreeEnvironmentStringsA
GetModuleFileNameA
GetModuleHandleA
ResetEvent
GetCommandLineA
GetProcAddress
QueryPerformanceCounter
GetTickCount
DeviceIoControl
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
LCMapStringW
GetLastError
GetCommandLineW
GetThreadLocale
GetCurrentProcess

mprapi

MprConfigServerDisconnect
MprConfigServerConnect

ole32

CoUninitialize
CoInitializeEx
CoTaskMemFree
CoCreateInstance

user32

GetForegroundWindow
GetActiveWindow
LoadBitmapA
PostQuitMessage
LoadMenuA
DestroyWindow
CreateWindowExA
GetSystemMetrics
GetDC
LoadCursorA
GetInputState
GetMessageA
EnumWindows
DefWindowProcA
GetCapture
UnregisterClassA
ReleaseDC
GetCaretBlinkTime
GetClipboardSequenceNumber
GetFocus
GetClipboardViewer
FindWindowA
GetClipboardOwner
LoadStringW

ws2_32

WSAStringToAddressW
WSAAddressToStringW

Sections

.text
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 200KB - Virtual size: 255KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 22KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a031b4036f13588e4fcfeae46d954fbd

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

ntdll

advapi32

kernel32

mprapi

ole32

user32

ws2_32

Sections

.text Size: 80KB - Virtual size: 79KB

.data Size: 200KB - Virtual size: 255KB

.bss Size: - Virtual size: 22KB

.tls Size: 1KB - Virtual size: 1KB

.rsrc Size: 29KB - Virtual size: 28KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 80KB - Virtual size: 79KB

.data
Size: 200KB - Virtual size: 255KB

.bss
Size: - Virtual size: 22KB

.tls
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 29KB - Virtual size: 28KB

.reloc
Size: 4KB - Virtual size: 3KB