687e70c2b819b43ead52011957d4a9c5_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

687e70c2b819b43ead52011957d4a9c5_JaffaCakes118
Size

208KB
MD5

687e70c2b819b43ead52011957d4a9c5
SHA1

666cb4c893bc5d93ec3a2eb9976b511e355fbf52
SHA256

483d4f4515332bd345c4f086da4e454f6c40f89de6fad69874a01a217b16331e
SHA512

6ae0ced3b8ca3a2be21e59e51580338de3eb320edbacba092112cdb4539d55c552acae58b71d5a45c745df49b121da27115505ab41183a8001ae4341bf0421c8
SSDEEP

3072:enpBLGIO8ZLW4gdFwoF8rKSYtU57KIw/F4S9taNtjvjOS+G5IB+:6O8ZK4qFwoFiKSYugmS9tCtu7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
687e70c2b819b43ead52011957d4a9c5_JaffaCakes118

Files

687e70c2b819b43ead52011957d4a9c5_JaffaCakes118
.exe windows:5 windows x86 arch:x86

1e419bfcbd89b5e6efc6c0ea79c8c905

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

urlmon

URLDownloadToCacheFileA

psapi

GetModuleFileNameExA

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

kernel32

CreateFileA
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
GetVolumeInformationA
GetDriveTypeA
WaitForSingleObject
CreateMutexA
CreateToolhelp32Snapshot
OpenProcess
CreateThread
GetLongPathNameA
GetTempPathA
FreeResource
LockResource
LoadResource
SizeofResource
FindResourceExA
EnumResourceLanguagesA
EnumResourceNamesA
lstrlenA
FreeLibrary
LoadLibraryExA
TerminateProcess
GetCurrentProcess
SetEvent
GetTempFileNameA
Process32Next
Process32First
FindClose
FindNextFileA
FindFirstFileA
GetTickCount
CopyFileA
ReleaseMutex
lstrcatA
WriteFile
GetModuleFileNameA
CreateProcessA
CloseHandle
Sleep
GetLastError
ReadFile
GetConsoleCP
HeapReAlloc
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoW
InitializeCriticalSectionAndSpinCount
LoadLibraryA
GetStringTypeW
GetStringTypeA
VirtualAlloc
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
DeleteFileA
OpenEventA
GetConsoleMode
FlushFileBuffers
SetFilePointer
GetSystemTimeAsFileTime
lstrcmpiA
GetLocalTime
GetCurrentThreadId
GetVersionExA
GetCurrentProcessId
GetFullPathNameA
GetCurrentThread
WideCharToMultiByte
GetModuleHandleA
HeapAlloc
HeapFree
GetProcessHeap
TerminateThread
CreateEventA
ResetEvent
lstrcmpA
EnumResourceTypesA
InterlockedIncrement
InterlockedDecrement
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
RtlUnwind
GetCommandLineA
GetStartupInfoA
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetCPInfo
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetACP
GetOEMCP
IsValidCodePage
HeapSize
ExitProcess
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapCreate
VirtualFree
QueryPerformanceCounter

user32

wvsprintfA
wsprintfA

advapi32

OpenProcessToken
FreeSid
GetTokenInformation
EqualSid
AllocateAndInitializeSid
RegEnumKeyExA
RegQueryValueExA
RegEnumValueA
RegOpenKeyExA
RegSetValueExA
RegCloseKey
OpenThreadToken

shell32

SHGetSpecialFolderPathA

shlwapi

StrStrIA
SHRegCloseUSKey
SHRegCreateUSKeyA

wininet

HttpQueryInfoA
InternetSetFilePointer
InternetConnectA
InternetReadFile
HttpOpenRequestA
HttpSendRequestA
InternetOpenA
InternetOpenUrlA
InternetQueryOptionA
InternetCloseHandle

dnsapi

DnsQuery_A
DnsRecordListFree

ws2_32

WSAStartup
gethostbyname

Sections

.text
Size: 116KB - Virtual size: 116KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: 1000B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 614B - Virtual size: 614B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1e419bfcbd89b5e6efc6c0ea79c8c905

Headers

DLL Characteristics

File Characteristics

Imports

urlmon

psapi

version

kernel32

user32

advapi32

shell32

shlwapi

wininet

dnsapi

ws2_32

Sections

.text Size: 116KB - Virtual size: 116KB

.data Size: 96KB - Virtual size: 96KB

.bss Size: 1000B - Virtual size: 1000B

.rdata Size: 7KB - Virtual size: 7KB

.idata Size: 614B - Virtual size: 614B

.rsrc Size: 3KB - Virtual size: 3KB

.text
Size: 116KB - Virtual size: 116KB

.data
Size: 96KB - Virtual size: 96KB

.bss
Size: 1000B - Virtual size: 1000B

.rdata
Size: 7KB - Virtual size: 7KB

.idata
Size: 614B - Virtual size: 614B

.rsrc
Size: 3KB - Virtual size: 3KB