827fcade969f629347df0dca779857c5_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

827fcade969f629347df0dca779857c5_JaffaCakes118
Size

1.9MB
MD5

827fcade969f629347df0dca779857c5
SHA1

cea3f7e6d7b50d73f16b20413571d4f7fd11309a
SHA256

110ca612a0f7853d3e97d26d0f68df9dd3ae9b9559d8d711b122d67ac42d4549
SHA512

4df3c41854d8359e5ece7715e37c7140d6fd64c53b97204ff321f42936e64d609cc557a8d1e08059a9c0ed5650a52c50b6612e2263265020a1f399b0536e98ee
SSDEEP

24576:Jf8hAXlD2FNTPaPhpWTEDl6ufr+4ArTEJe/MXny14rR+6PMBquI+7yN2PAvUb2j:ZDAFS2TExeTD/M3U4rQaMvI+7yQPAI2j

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
827fcade969f629347df0dca779857c5_JaffaCakes118

Files

827fcade969f629347df0dca779857c5_JaffaCakes118
.exe windows:4 windows x86 arch:x86

1830114513f6f597435f788e3b228d52

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\rmtest\pc\_base\util\FnFProtectRun2.pdb

Imports

wsock32

WSAStartup
WSACleanup

kernel32

CreateFileA
TerminateProcess
MoveFileExA
GetCurrentThread
MapViewOfFile
CreateEventA
UnmapViewOfFile
LeaveCriticalSection
CreateFileMappingA
CreateThread
InitializeCriticalSection
WaitForSingleObject
DeleteCriticalSection
EnterCriticalSection
SetEvent
GetModuleHandleA
QueryPerformanceCounter
QueryPerformanceFrequency
GetCurrentProcessId
VirtualFree
VirtualAlloc
MoveFileExW
CompareStringA
InterlockedExchange
SetLastError
GetVolumeInformationA
CreateProcessA
SetEnvironmentVariableA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
CreatePipe
GetFileAttributesA
GetConsoleOutputCP
WriteConsoleA
SetCurrentDirectoryA
GetCurrentDirectoryA
GetEnvironmentStrings
FreeEnvironmentStringsA
HeapCreate
HeapDestroy
FlushFileBuffers
GetTickCount
SetHandleCount
SetFilePointer
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetOEMCP
GetACP
GetConsoleMode
GetConsoleCP
WriteFile
ReadFile
GetStringTypeA
LCMapStringA
MoveFileA
DuplicateHandle
GetFileType
SetStdHandle
ExitThread
GetFullPathNameA
GetDriveTypeA
RtlUnwind
RaiseException
GetStartupInfoA
GetCommandLineA
ExitProcess
HeapReAlloc
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
GetSystemTimeAsFileTime
GetProcessHeap
HeapAlloc
HeapFree
SetEndOfFile
SetFileAttributesA
GlobalLock
EnumResourceNamesA
OutputDebugStringA
Process32First
CreateMutexA
OpenProcess
Sleep
GetWindowsDirectoryA
FreeLibrary
DeleteFileA
GlobalUnlock
Process32Next
GetExitCodeProcess
InterlockedCompareExchange
InterlockedDecrement
InterlockedIncrement
ResumeThread
CloseHandle
LoadLibraryA
GetLastError
SetThreadPriority
CreateDirectoryA
GetThreadPriority
VirtualQuery
VirtualProtect
GlobalAlloc
CopyFileA
OpenMutexA
OpenFileMappingA
WaitForMultipleObjects
ReleaseMutex
OpenEventA
CreateToolhelp32Snapshot
GetModuleFileNameA
GetCommandLineW
HeapSize
GetVersionExA
FindClose
FindFirstFileA
SetFileTime
FindNextFileA
GetTimeZoneInformation
ReadConsoleInputA
GetConsoleCursorInfo
FreeConsole
SetConsoleTextAttribute
PeekConsoleInputA
GetCurrentThreadId
SetConsoleTitleA
SetConsoleCursorInfo
GetConsoleScreenBufferInfo
SetConsoleCursorPosition
AllocConsole
MulDiv
GetStdHandle
SetConsoleCtrlHandler
GetFileTime

user32

WindowFromPoint
CreateCursor
FillRect
DestroyWindow
CreateWindowExA
GetQueueStatus
DestroyCursor
SetFocus
PostThreadMessageA
AdjustWindowRect
GetWindowTextA
GetSystemMetrics
PeekMessageA
IsWindowVisible
ReleaseDC
ShowWindow
SetCaretPos
CreatePopupMenu
LoadCursorA
SetTimer
DestroyCaret
HideCaret
GetClientRect
GetMessageA
GetDesktopWindow
GetForegroundWindow
PostQuitMessage
EnumDisplayMonitors
DispatchMessageA
GetWindowTextLengthA
TrackPopupMenu
SendMessageA
IntersectRect
GetCursor
SetWindowTextA
GetWindowRect
IsIconic
OpenIcon
LoadImageA
ShowCaret
GetWindowThreadProcessId
MessageBoxA
GetCursorPos
RegisterClassA
AppendMenuA
ClientToScreen
RegisterWindowMessageA
CreateCaret
CloseClipboard
GetDC
OpenClipboard
IsWindow
GetWindowPlacement
PostMessageA
MoveWindow
SetForegroundWindow
TranslateMessage
GetClassNameA
DefWindowProcA
EnumWindows
BringWindowToTop
UnregisterClassA
GetSystemMenu
FlashWindowEx
GetParent
GetFocus
DeleteMenu
DrawMenuBar
SetCursor
ReleaseCapture
SetCapture
EndPaint
BeginPaint
SetClipboardData
ScreenToClient

gdi32

SetTextColor
SelectClipRgn
SetBkMode
StretchBlt
GdiFlush
GetStockObject
GetDeviceCaps
SetDIBitsToDevice
GetTextMetricsA
IntersectClipRect
GetObjectA
DeleteDC
DeleteObject
CreateDIBSection
SelectObject
CreateCompatibleDC
BitBlt
GetCharABCWidthsA
CreateFontA
CreateFontIndirectA

advapi32

RegQueryValueExA
RegSetValueExA
RegCloseKey
RegOpenKeyExA
RegEnumValueA
RegCreateKeyExA

shell32

ShellExecuteA

ole32

CoInitializeSecurity
CoUninitialize
CoCreateInstance
CoInitialize

oleaut32

SysFreeString
SysAllocStringByteLen

wininet

InternetReadFile
InternetConnectA
HttpSendRequestA
InternetCloseHandle
InternetOpenA
HttpOpenRequestA
HttpQueryInfoA

winmm

timeBeginPeriod
PlaySoundA
timeEndPeriod
timeGetTime

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 292KB - Virtual size: 289KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 56KB - Virtual size: 425KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 220KB - Virtual size: 216KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.srdata
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

1830114513f6f597435f788e3b228d52

Headers

File Characteristics

PDB Paths

Imports

wsock32

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

wininet

winmm

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 292KB - Virtual size: 289KB

.data Size: 56KB - Virtual size: 425KB

.rsrc Size: 220KB - Virtual size: 216KB

.srdata Size: 72KB - Virtual size: 72KB

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 292KB - Virtual size: 289KB

.data
Size: 56KB - Virtual size: 425KB

.rsrc
Size: 220KB - Virtual size: 216KB

.srdata
Size: 72KB - Virtual size: 72KB