747ddd0a1f7298bb0f971107ff44dcf6_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

747ddd0a1f7298bb0f971107ff44dcf6_JaffaCakes118
Size

82KB
MD5

747ddd0a1f7298bb0f971107ff44dcf6
SHA1

ec7afa6a7c2f2cb92dc31047e65b2d26741d8964
SHA256

c98788673b6ba90407207cc081af7e4bd2110926f0837c93e3075ae119fa945b
SHA512

5ce113b2d8d7710529c7f3a2ced2432d99f4cfca2617209c513cdf491b4a87430808e042b62c39f74b43a49aace929b940f8494ac826865893dfe3ae07403dff
SSDEEP

1536:EHZEJmq8CtoaehWhnBfP5+Zu1CnthDVvKkdLIVj9PiR/n/t:E6u8Jeu5v1CDDAoAqR/n1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
747ddd0a1f7298bb0f971107ff44dcf6_JaffaCakes118

Files

747ddd0a1f7298bb0f971107ff44dcf6_JaffaCakes118
.exe windows:6 windows x86 arch:x86

4c70968e2138a9c81644c0ba080a5744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

logagent.pdb

Imports

msvcrt

_vsnprintf
_vsnwprintf
??_V@YAXPAX@Z
wcsncmp
wcschr
memset
memcpy
??3@YAXPAX@Z
??_U@YAPAXI@Z
??2@YAPAXI@Z
_wcsicmp
_wcsnicmp
_controlfp
_lock
__dllonexit
_unlock
__set_app_type
__p__fmode
iswalpha
__p__commode
_adjust_fdiv
__setusermatherr
_amsg_exit
_initterm
_acmdln
exit
_ismbblead
free
swscanf
iswdigit
iswcntrl
iswascii
wcsspn
wcscspn
strchr
_strnicmp
towupper
_onexit
_wtoi
_beginthreadex
_XcptFilter
_exit
_cexit
__getmainargs
__CxxFrameHandler
_purecall
realloc
_stricmp
sscanf
malloc
_ultow

advapi32

GetAce
RegQueryValueExA
RegCreateKeyExW
RegDeleteKeyW
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
OpenProcessToken
GetTokenInformation
MakeSelfRelativeSD
GetSecurityDescriptorLength
GetSecurityDescriptorSacl
GetSecurityDescriptorDacl
GetSecurityDescriptorOwner
AddAce
AddAccessDeniedAce
AddAccessAllowedAce
EqualSid
DeleteAce
GetSecurityDescriptorGroup
MakeAbsoluteSD
RegDeleteValueW
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
GetLengthSid
InitializeSecurityDescriptor
InitializeAcl
SetSecurityDescriptorDacl
GetAclInformation
RegEnumKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA
RegQueryInfoKeyA
RegEnumValueA
FreeSid
AllocateAndInitializeSid

kernel32

SetEvent
LocalFree
InitializeCriticalSection
DeleteCriticalSection
InterlockedIncrement
EnterCriticalSection
LeaveCriticalSection
ReleaseSemaphore
InterlockedDecrement
HeapFree
GetProcessHeap
HeapAlloc
CloseHandle
GetLastError
WideCharToMultiByte
MultiByteToWideChar
WaitForMultipleObjects
LoadLibraryW
CreateSemaphoreA
GetVersionExA
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
lstrlenW
lstrlenA
IsDBCSLeadByte
lstrcmpiA
lstrcatA
lstrcpynA
lstrcpyA
GetModuleFileNameA
FreeLibrary
GetProcAddress
LoadLibraryA
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
GetCurrentThreadId
GetCommandLineA
GetModuleHandleA
GetModuleHandleW
InterlockedExchange
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
Sleep
InterlockedCompareExchange
GetStartupInfoA
RtlUnwind
LocalAlloc
GetVersionExW
CreateEventW
WaitForSingleObject
CreateEventA
HeapSize
WaitForSingleObjectEx
SetThreadPriority
GetCurrentThread
FreeLibraryAndExitThread
CreateThread

user32

DispatchMessageA
CreateWindowExA
SetWindowLongA
DestroyWindow
PostQuitMessage
GetWindowLongA
DefWindowProcA
PostMessageA
CharNextA
PostThreadMessageA
CharPrevA
RegisterClassA
GetMessageA

ole32

CoUninitialize
CoInitializeEx
CoRevokeClassObject
CoRegisterClassObject
CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc
CoSuspendClassObjects
CoCreateInstance
CoInitialize
CoCreateGuid

oleaut32

SysFreeString
SysAllocString
VarUI4FromStr
LoadTypeLi
RegisterTypeLi
SysStringLen

wininet

InternetReadFile
HttpQueryInfoA
HttpEndRequestA
HttpSendRequestExW
InternetErrorDlg
InternetQueryOptionA
InternetQueryDataAvailable
HttpOpenRequestW
InternetOpenW
InternetCloseHandle
InternetConnectW
InternetCrackUrlW
InternetSetOptionA
HttpQueryInfoW

wsock32

bind
shutdown
closesocket
getsockopt
getpeername
getsockname
inet_ntoa
WSACleanup
WSAStartup
ntohl
WSAGetLastError
setsockopt
ntohs
htons
socket
WSAAsyncSelect
inet_addr

Sections

.text
Size: 78KB - Virtual size: 77KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4c70968e2138a9c81644c0ba080a5744

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

advapi32

kernel32

user32

ole32

oleaut32

wininet

wsock32

Sections

.text Size: 78KB - Virtual size: 77KB

.data Size: 512B - Virtual size: 2KB

.rsrc Size: 3KB - Virtual size: 2KB

.text
Size: 78KB - Virtual size: 77KB

.data
Size: 512B - Virtual size: 2KB

.rsrc
Size: 3KB - Virtual size: 2KB