Static task
static1
Behavioral task
behavioral1
Sample
70399d66c0559db8391e13e5855d42df_JaffaCakes118.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
70399d66c0559db8391e13e5855d42df_JaffaCakes118.exe
Resource
win10v2004-20240709-en
General
Target
70399d66c0559db8391e13e5855d42df_JaffaCakes118
Size
412KB
MD5
70399d66c0559db8391e13e5855d42df
SHA1
8e913c34bd3c1c47556b85733a36228ee204d807
SHA256
8cb5919cae62e6398708f5c86251da1c60670fa17de6d10970be1fa668bfd033
SHA512
6d7983b824246939ce9dd54681b33bc77eb3415b27a6eec9d17757760636086d7d4fd5fc3b9178c8f69b66aed045208b99d53aeb76fce6f44fce85fd026f066f
SSDEEP
6144:YVTNtq+0a7sv1LxPR0T4cw5u4KoeyZ1UCzp4G4VV9bQigE9bZatW42KVC4n:cq+nsv1Lr03AlebCELT4V
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 70399d66c0559db8391e13e5855d42df_JaffaCakes118
Files
70399d66c0559db8391e13e5855d42df_JaffaCakes118.exe windows:4 windows x86 arch:x86
08dcdb1258f93d693c6f40b447df98cc
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
WideCharToMultiByte
lstrlenW
CreateFileA
CreateFileW
FreeLibrary
WriteFile
ReadFile
GetFileSize
SetFilePointer
GetVersionExA
SetLastError
DuplicateHandle
GetCurrentProcess
SetEndOfFile
GetModuleFileNameA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetACP
GetModuleFileNameW
lstrlenA
LocalFree
InterlockedCompareExchange
GetCurrentThread
lstrcmpW
DeleteCriticalSection
RaiseException
DisableThreadLibraryCalls
GetModuleHandleA
MultiByteToWideChar
InterlockedDecrement
InterlockedIncrement
lstrcmpiA
WritePrivateProfileStringW
WritePrivateProfileStringA
GetPrivateProfileStringA
Sleep
GetLastError
TlsGetValue
TlsSetValue
CloseHandle
EnterCriticalSection
LeaveCriticalSection
GetComputerNameW
GetSystemTimeAsFileTime
IsDBCSLeadByte
InterlockedExchange
GlobalFree
VirtualProtect
GlobalAlloc
GetCommandLineA
TerminateProcess
GetStartupInfoA
user32
CheckDlgButton
GetDlgItem
SetForegroundWindow
BringWindowToTop
GetFocus
GetParent
GetWindowLongA
MessageBoxA
FindWindowW
EnableWindow
SendMessageA
LoadStringW
LoadStringA
GetDesktopWindow
advapi32
CryptCreateHash
CryptHashData
CryptReleaseContext
RegCloseKey
RegQueryValueExW
RegCreateKeyExW
RegQueryValueA
CloseServiceHandle
CryptDestroyHash
RegDeleteKeyA
RegOpenKeyA
RegSetValueA
RegCreateKeyA
RegEnumKeyExA
RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
OpenThreadToken
ConvertStringSecurityDescriptorToSecurityDescriptorW
TraceMessage
CryptGetHashParam
ole32
CoCreateInstance
StringFromCLSID
CoInitialize
CoUninitialize
rpcrt4
RpcServerRegisterIfEx
RpcServerInqBindings
RpcEpRegisterW
RpcServerInqDefaultPrincNameW
RpcServerRegisterAuthInfoW
RpcStringFreeW
RpcStringBindingParseW
RpcImpersonateClient
RpcRevertToSelf
RpcServerUseProtseqW
RpcBindingInqAuthClientW
RpcBindingToStringBindingW
msvcr71
_controlfp
_onexit
__dllonexit
__set_app_type
__p__fmode
__p__commode
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_cexit
_ismbblead
_exit
_c_exit
_adjust_fdiv
_wtoi
iswdigit
vswprintf
memmove
_XcptFilter
_amsg_exit
malloc
sprintf
wcsstr
wcslen
realloc
free
_wcsnicmp
memset
_except_handler3
wcsncmp
_ui64tow
_itow
memcpy
Sections
.text Size: 36KB - Virtual size: 33KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 364KB - Virtual size: 360KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 357KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1024B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ