6935790bccd88aa3b696a4c97623675c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

6935790bccd88aa3b696a4c97623675c_JaffaCakes118
Size

80KB
MD5

6935790bccd88aa3b696a4c97623675c
SHA1

15d4e507b01291c17d9fe8bba202a8ebe323aa3e
SHA256

af5a3f99a4094682cb6e8b6c23beb4ff7980f7ef1001525a4bd0a5f9e132d5e9
SHA512

198c3e9a858c863e566744455f2a56ed07ec7ee0485f4b9b7aceff1ed23cb178321aa28570ff06877dda879bf92a9559e3cf3ee5bc8cdb598287b640cc2da2bc
SSDEEP

1536:Nx/+/+Fy9zd8qZJhZStp4tKGCzQdRjIL/E5evY/JolTp+:NxCd8sctpGCzBYevY/Joll+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6935790bccd88aa3b696a4c97623675c_JaffaCakes118

Files

6935790bccd88aa3b696a4c97623675c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

636f1494ccda766aca777715ae7cda25

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentThreadId
lstrlenA
InterlockedIncrement
lstrcatA
GetWindowsDirectoryA
Sleep
WinExec
DeleteFileA
CopyFileA
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExW
GetCurrentDirectoryA
lstrcpyW
GetModuleHandleW
GetModuleFileNameW
GetLastError
FreeLibrary
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
lstrcmpiW
lstrcpynW
CloseHandle
CreateThread
GetStringTypeExW
OpenProcess
DebugBreak
OutputDebugStringW
DeleteFileW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetSystemDirectoryA
DeviceIoControl
CreateFileW
SetLastError
TlsAlloc
MultiByteToWideChar
GetFileType
SetHandleCount
GetCommandLineW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetStdHandle
FlushFileBuffers
WriteFile
GetModuleFileNameA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
HeapSize
TerminateProcess
GetProcAddress
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
VirtualQuery
RtlUnwind
GetStartupInfoW
lstrlenW
InterlockedDecrement
RaiseException
HeapAlloc
GetProcessHeap
HeapFree
GetCurrentProcess
FlushInstructionCache
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
GetSystemInfo
VirtualProtect
GetModuleHandleA
MoveFileA
ExitProcess
HeapReAlloc
GetVersionExA
TlsSetValue
TlsGetValue
LoadLibraryA
InitializeCriticalSection
GetStartupInfoA
LCMapStringW
LCMapStringA
GetStringTypeW
SetStdHandle
SetFilePointer
WideCharToMultiByte
GetStringTypeA
ReadFile
SetEndOfFile
GetCPInfo
GetOEMCP
CreateFileA
TlsFree

user32

wvsprintfW
CharUpperBuffW
DefWindowProcW
CharNextW
CreateDialogParamW
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
ShowWindow
FindWindowW
FindWindowExW
GetSystemMetrics
LoadImageW
GetActiveWindow
DialogBoxParamW
PostQuitMessage
IsDialogMessageW
SendMessageW
SetWindowLongW
DestroyWindow
UnregisterClassW
GetWindow
GetWindowRect
SystemParametersInfoW
GetClientRect
MapWindowPoints
SetWindowPos
GetParent
GetWindowLongW
EndDialog
FindWindowA

advapi32

RegDeleteValueW
RegCreateKeyExW
RegOpenKeyA
RegQueryValueExA
RegSetValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW

ole32

CoInitialize
CoUninitialize
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance

oleaut32

VarUI4FromStr
SysAllocString
SysAllocStringLen
VarBstrCmp
SysStringLen
SysFreeString

comctl32

InitCommonControlsEx

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueW

psapi

EnumProcessModules
GetModuleFileNameExW

ws2_32

gethostbyname
inet_ntoa
inet_addr
WSACleanup
WSAStartup
gethostname

iphlpapi

SendARP

wininet

FtpSetCurrentDirectoryA
FtpPutFileA
InternetOpenUrlA
InternetReadFile
InternetCloseHandle
FtpGetCurrentDirectoryA
InternetConnectA
InternetOpenA

Sections

.text
Size: 52KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

636f1494ccda766aca777715ae7cda25

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

comctl32

version

psapi

ws2_32

iphlpapi

wininet

Sections

.text Size: 52KB - Virtual size: 48KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 4KB - Virtual size: 10KB

.rsrc Size: 8KB - Virtual size: 7KB

.text
Size: 52KB - Virtual size: 48KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 4KB - Virtual size: 10KB

.rsrc
Size: 8KB - Virtual size: 7KB