7720f9af4edd3f6eb96e05a24cfdd3fe_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

7720f9af4edd3f6eb96e05a24cfdd3fe_JaffaCakes118
Size

864KB
MD5

7720f9af4edd3f6eb96e05a24cfdd3fe
SHA1

cd788e341a71153256a4e4f66f6b90012ae61c47
SHA256

c1570fa14f188f9e6163e3ca23e999c9700ff92c12418514bc78def71b178a61
SHA512

23c9dd783cae03d9e340152752ca76569dc304e0b0d633ae00aaaf72ba0a6bfbb9012600767f7fa9c71b1fd689544f41a0fb2ff85ea8e90d6632f656cc9cc2c0
SSDEEP

24576:tdQOYgcWa83MenEuzFiGkQwj+04s+saktu/qV:TQ6cWa83MenEupikwjcs+sa6u/s

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7720f9af4edd3f6eb96e05a24cfdd3fe_JaffaCakes118

Files

7720f9af4edd3f6eb96e05a24cfdd3fe_JaffaCakes118
.exe windows:5 windows x86 arch:x86

71b7a156feb6224d5361c10ad4a14f1b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

InternetSetCookieA
InternetSetDialStateA
InternetReadFile
InternetAutodialHangup
FtpSetCurrentDirectoryW
GopherGetAttributeW
SetUrlCacheEntryGroupA
InternetCanonicalizeUrlA
RetrieveUrlCacheEntryFileA
FindNextUrlCacheEntryW
InternetSetPerSiteCookieDecisionA
InternetSetCookieExA
InternetCanonicalizeUrlW
CreateUrlCacheContainerA
UnlockUrlCacheEntryFile
FtpSetCurrentDirectoryA
FreeUrlCacheSpaceA
CreateUrlCacheEntryA
InternetDialW
UpdateUrlCacheContentPath
InternetConnectW
InternetOpenUrlW
ShowCertificate
FindNextUrlCacheEntryExW
InternetGetConnectedState
GetUrlCacheConfigInfoW
InternetSetPerSiteCookieDecisionW
InternetTimeFromSystemTimeW
InternetOpenUrlA
ForceNexusLookup
FindFirstUrlCacheGroup
FindFirstUrlCacheContainerW
InternetSetOptionExA
CommitUrlCacheEntryA
GopherGetLocatorTypeW
SetUrlCacheEntryGroup
LoadUrlCacheContent
FtpCommandW
HttpOpenRequestW
InternetQueryDataAvailable
InternetSecurityProtocolToStringA
FtpRenameFileW
InternetSetFilePointer

hlink

HlinkNavigateToStringReference
HlinkCreateExtensionServices
HlinkResolveStringForData
HlinkCreateShortcutFromMoniker
HlinkTranslateURL
HlinkResolveShortcutToString
DllGetClassObject
HlinkSetSpecialReference
HlinkCreateBrowseContext
HlinkResolveMonikerForData
HlinkParseDisplayName
HlinkCreateShortcut
HlinkResolveShortcutToMoniker
HlinkCreateFromString
HlinkGetSpecialReference
HlinkClone
HlinkCreateFromData
HlinkResolveShortcut
HlinkUpdateStackItem
HlinkIsShortcut
HlinkPreprocessMoniker
OleSaveToStreamEx
HlinkOnRenameDocument
HlinkNavigate
HlinkCreateFromMoniker
HlinkGetValueFromParams
HlinkOnNavigate
HlinkQueryCreateFromData
HlinkCreateShortcutFromString

msvcrt

exit
__p__commode
__getmainargs
__set_app_type

wsock32

recvfrom
sendto
accept
WSACleanup
getprotobyname
select
rexec
connect
GetAddressByNameA
WEP
recv
gethostbyaddr
WSAUnhookBlockingHook
inet_addr
inet_network
htons
ioctlsocket
shutdown
gethostbyname
WSApSetPostRoutine
WSAAsyncGetProtoByName
getservbyname
WSAGetLastError
ntohl
SetServiceA
EnumProtocolsA
htonl
WSAAsyncGetServByName
getprotobynumber
socket
bind
ntohs
getnetbyname
WSACancelBlockingCall
GetAddressByNameW
__WSAFDIsSet
rcmd
AcceptEx
WSARecvEx
NPLoadNameSpaces

kernel32

GetConsoleCursorInfo
GetNumberOfConsoleMouseButtons
GetUserDefaultLCID
SetConsoleMenuClose
AddLocalAlternateComputerNameA
FoldStringA
FindNextVolumeA
ShowConsoleCursor
IsValidLocale
SetComputerNameExW
LeaveCriticalSection
LZDone
FindResourceA
ReadDirectoryChangesW
EnumLanguageGroupLocalesW
SetDefaultCommConfigW
GetFileTime
SetConsoleActiveScreenBuffer
GetCurrentDirectoryA
PurgeComm
IsDebuggerPresent
GetExpandedNameW
UnlockFileEx
IsValidCodePage
CreateIoCompletionPort
OpenProcess
GetCommState
lstrcatA
VirtualAlloc
_lopen
GetConsoleTitleA
GetTempFileNameA
RtlCaptureContext
ScrollConsoleScreenBufferW
BackupRead
IsBadStringPtrA
SystemTimeToTzSpecificLocalTime
BackupWrite
CreateMemoryResourceNotification
GetSystemInfo
GetSystemDefaultLCID
ResetEvent
SetVolumeLabelW
AddAtomW
SetConsoleKeyShortcuts
LoadLibraryA
IsDBCSLeadByte
GetTempPathW
EnumDateFormatsW
EnumCalendarInfoW
EnterCriticalSection

lz32

LZCloseFile
LZCopy
LZStart
LZDone
GetExpandedNameA
LZCreateFileW
CopyLZFile
LZInit
GetExpandedNameW
LZOpenFileA
LZRead
LZClose
LZOpenFileW
LZSeek

Sections

.text
Size: 168KB - Virtual size: 168KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 535KB - Virtual size: 535KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 156KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 512B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

71b7a156feb6224d5361c10ad4a14f1b

Headers

DLL Characteristics

File Characteristics

Imports

wininet

hlink

msvcrt

wsock32

kernel32

lz32

Sections

.text Size: 168KB - Virtual size: 168KB

.rdata Size: 535KB - Virtual size: 535KB

.data Size: 156KB - Virtual size: 1.6MB

.tls Size: 512B - Virtual size: 512B

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 168KB - Virtual size: 168KB

.rdata
Size: 535KB - Virtual size: 535KB

.data
Size: 156KB - Virtual size: 1.6MB

.tls
Size: 512B - Virtual size: 512B

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 1KB - Virtual size: 1KB