PDB path embedded in the sample: e:\work\grabber\grab\src\grabber\Release\grabber.pdb
Static task
static1
Behavioral task
behavioral1
Sample
6a12d68f73edb9218a4ae7dbc0f9bb72_JaffaCakes118.exe
Resource
win7-20240704-en
General
Target: 6a12d68f73edb9218a4ae7dbc0f9bb72_JaffaCakes118
Size: 87KB
MD5: 6a12d68f73edb9218a4ae7dbc0f9bb72
SHA1: dcc2c75945c3b4c39eb5025664afd05e8172418d
SHA256: fa0b829905c9818594db60790701eae369e804b2f21ca38db82436c514a83bbb
SHA512: 7b24220c33ca127d59a9e1853e7850c15a6bc8dd08115bf2c86c60b075d4519081dade4942a6dfcfbe935b29abb3f1f8c4738201a940222047775da40ebf3b64
SSDEEP: 1536:CQLqk1Zo/hNwcjYF4TAsFy4vjjjZzFYC:Cspo/hNwcjYF4TAsFLYC
Malware Config
Signatures
-
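Unsigned PE (1 IoC)
The sandbox checks the file for an Authenticode signature and flags it because none is present. A missing signature alone is a weak indicator and does not establish that the file is malicious.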
resource 6a12d68f73edb9218a4ae7dbc0f9bb72_JaffaCakes118
Files
-
6a12d68f73edb9218a4ae7dbc0f9bb72_JaffaCakes118.exe windows:5 windows x86 arch:x86
e13cdea292e27c5e077a81c53d34dfc8
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
msvcrt
_adjust_fdiv
malloc
_initterm
fclose
free
fputs
??2@YAPAXI@Z
mbstowcs
system
wcsncmp
wcscpy
wcsstr
fseek
ftell
srand
rand
_strupr
strcmp
_strlwr
memcpy
fwrite
fflush
strrchr
_except_handler3
fgetc
wcsncpy
wcslen
sscanf
strncat
strncmp
strchr
strtol
sprintf
strstr
strcpy
memset
strncpy
strlen
strcat
fgets
feof
strtok
fopen
fread
_stricmp
kernel32
DisableThreadLibraryCalls
GetModuleFileNameA
lstrlenW
LocalFree
GetLocalTime
GetCurrentDirectoryA
GetVersionExA
FreeLibrary
HeapCreate
GetModuleHandleA
SetUnhandledExceptionFilter
DeleteFileA
Sleep
ExitProcess
OpenProcess
CreateToolhelp32Snapshot
Process32First
Process32Next
HeapFree
CloseHandle
ReadFile
GetFileSize
CreateFileA
GetPrivateProfileStringA
GetCurrentProcess
GetProcAddress
LoadLibraryA
lstrcatA
lstrcmpA
GetFileAttributesA
lstrcpynA
FindNextFileA
FindFirstFileA
lstrcpyA
lstrlenA
HeapAlloc
GetTickCount
user32
CreateWindowExA
SendMessageA
ShowWindow
GetMessageA
TranslateMessage
DispatchMessageA
PostQuitMessage
GetClientRect
MoveWindow
DefWindowProcA
RegisterClassA
LoadCursorA
wsprintfA
GetWindowTextA
EnumWindows
gdi32
CreateFontA
advapi32
CloseServiceHandle
GetUserNameA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
RegOpenKeyA
RegEnumKeyA
RegQueryValueExA
OpenProcessToken
RegOpenKeyExA
StartServiceA
ChangeServiceConfigA
OpenServiceA
OpenSCManagerA
CryptReleaseContext
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptCreateHash
CryptAcquireContextA
RegEnumValueA
shell32
SHGetFolderPathA
ws2_32
gethostbyname
socket
connect
send
recv
WSAStartup
htons
crypt32
CryptUnprotectData
Exports
grab
Sections
.text Size: 67KB - Virtual size: 66KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 436B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ