622da8b8b9c5b41a11fcef9df314d8a9_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

622da8b8b9c5b41a11fcef9df314d8a9_JaffaCakes118
Size

467KB
MD5

622da8b8b9c5b41a11fcef9df314d8a9
SHA1

f37905011b02edaf9cc0ccf6e4820508a80b3425
SHA256

2663b724f51551cd62e86d362a6fbe90f134ec6dbad01eda622fb22729441b12
SHA512

2fd5fdc111d0d6e9a8c5099b23d8076000affabb26062fcd11afc0d211d8a6bc27019ce4ce378f98bec325c4c6975650c4decb120f93c491f5e079493c4a2853
SSDEEP

12288:/h4s6QJinwY1HXYycCwFYnvqckcogx+lVg4BhU:Q1HIoyE9YVg40

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
622da8b8b9c5b41a11fcef9df314d8a9_JaffaCakes118

Files

622da8b8b9c5b41a11fcef9df314d8a9_JaffaCakes118
.exe windows:5 windows x86 arch:x86

ca98a93a24b2dec0c382a35c4198d2b6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

gethostbyname
inet_ntoa
WSACleanup
WSAStartup

urlmon

URLOpenPullStreamA
URLDownloadToCacheFileA

wininet

InternetConnectA
InternetCrackUrlA
InternetOpenA
InternetGetCookieA
InternetSetCookieA
InternetReadFile
HttpQueryInfoA
HttpSendRequestA
HttpOpenRequestA
InternetCloseHandle

kernel32

GetUserDefaultLCID
MultiByteToWideChar
WideCharToMultiByte
lstrlenW
RaiseException
EnterCriticalSection
LeaveCriticalSection
GetLastError
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetProcAddress
GetModuleHandleA
lstrlenA
lstrcmpiA
InterlockedDecrement
InterlockedIncrement
IsDBCSLeadByte
GetModuleFileNameA
FreeLibrary
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
SetLastError
DebugBreak
OutputDebugStringA
CloseHandle
WaitForSingleObject
CreateThread
LoadLibraryA
InitializeCriticalSection
GetCurrentThreadId
HeapFree
HeapAlloc
GetProcessHeap
OpenProcess
CreateProcessW
GetCurrentProcessId
LocalFree
LocalAlloc
GetCurrentProcess
ReleaseMutex
CreateMutexA
GetVersion
ReadFile
GetFileType
SetHandleCount
GetStringTypeW
GetTimeZoneInformation
Sleep
HeapSize
HeapReAlloc
IsProcessorFeaturePresent
HeapCreate
GetModuleFileNameW
GetStdHandle
WriteFile
ExitProcess
TerminateProcess
IsDebuggerPresent
SetUnhandledExceptionFilter
SetStdHandle
GetConsoleCP
GetConsoleMode
FlushFileBuffers
CreateFileA
WriteConsoleW
SetEndOfFile
CompareStringW
SetEnvironmentVariableA
CreateFileW
GetStringTypeExA
LCMapStringA
UnhandledExceptionFilter
InterlockedCompareExchange
TlsFree
LoadLibraryW
InterlockedExchange
LCMapStringW
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetStartupInfoW
HeapSetInformation
GetCommandLineA
GetLocalTime
GetSystemTimeAsFileTime
RtlUnwind
EncodePointer
DecodePointer
VirtualProtect
VirtualAlloc
GetModuleHandleW
GetSystemInfo
VirtualQuery
SetFilePointer

user32

TranslateMessage
DispatchMessageA
EnumWindows
GetClassNameA
FindWindowExA
PostMessageA
CharUpperA
DestroyWindow
SetTimer
FindWindowA
GetWindowThreadProcessId
MessageBoxA
CharLowerA
wvsprintfA
PostThreadMessageA
LoadStringA
CharNextA
GetMessageA

advapi32

RegEnumValueA
RegQueryValueExA
DuplicateTokenEx
OpenProcessToken
GetTokenInformation
GetSidSubAuthorityCount
GetSidSubAuthority
RegEnumKeyExA
RegQueryInfoKeyW
RegSetValueExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegOpenKeyExA

shell32

ShellExecuteA

ole32

CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoCreateInstance
CoCreateGuid
CoInitialize
CLSIDFromProgID
CoUninitialize

oleaut32

SysAllocStringLen
SysAllocString
VariantClear
VariantInit
LoadTypeLi
LoadRegTypeLi
VarUI4FromStr
SysStringLen
SysFreeString

Sections

.text
Size: 372KB - Virtual size: 372KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 9KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ca98a93a24b2dec0c382a35c4198d2b6

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

urlmon

wininet

kernel32

user32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 372KB - Virtual size: 372KB

.rdata Size: 61KB - Virtual size: 60KB

.data Size: 9KB - Virtual size: 17KB

.rsrc Size: 23KB - Virtual size: 23KB

.text
Size: 372KB - Virtual size: 372KB

.rdata
Size: 61KB - Virtual size: 60KB

.data
Size: 9KB - Virtual size: 17KB

.rsrc
Size: 23KB - Virtual size: 23KB