Static task: static1
Behavioral task: behavioral1
Sample: 8436c6cfa58531bbbd9dad956cd4e972_JaffaCakes118.exe
Resource: win7-20240705-en
Behavioral task: behavioral2
Sample: 8436c6cfa58531bbbd9dad956cd4e972_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
- Target: 8436c6cfa58531bbbd9dad956cd4e972_JaffaCakes118
- Size: 49KB
- MD5: 8436c6cfa58531bbbd9dad956cd4e972
- SHA1: 00c5ce42a4e10f0c7df2fa40bdd98e82aa98bdc5
- SHA256: be54577b455f7bcfab343612341597eda4fb0e8ea95e2ad49c380af0ab691416
- SHA512: 1289b352c26879a7652c60004e326eff1941c5b38c29294568534c83147fad8ed31971925b1a526690da8216984c84fe80bff2b94aa4190b2b60c823dffd4f51
- SSDEEP: 1536:78+sRN9wTPBt+oXNy3Ua25DmlSD9JJfxPKsuHi:78+sRsBt+oXNy3Ua2VVD9JJfUrHi
Malware Config
Signatures
- Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
  resource 8436c6cfa58531bbbd9dad956cd4e972_JaffaCakes118
Files
- 8436c6cfa58531bbbd9dad956cd4e972_JaffaCakes118.exe windows:4 windows x86 arch:x86
  36f90ffecd1a0901c03e88848e37c6f4
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntdll
RtlUnwind
_chkstk
memset
_strnicmp
memcpy
ole32
IsEqualGUID
CreateStreamOnHGlobal
CoTaskMemFree
CoCreateGuid
CoTaskMemAlloc
GetHGlobalFromStream
kernel32
FlushFileBuffers
GetCommandLineA
GetCurrentProcess
GetCurrentProcessId
GetDriveTypeA
GetFullPathNameA
GetLastError
GetLogicalDriveStringsA
GetModuleFileNameA
GetProcAddress
GetTickCount
GetVersionExA
GetWindowsDirectoryA
CreateNamedPipeA
GlobalFree
GlobalLock
GlobalUnlock
InterlockedDecrement
InterlockedIncrement
LoadLibraryA
LocalAlloc
LocalFree
FindNextFileA
OpenProcess
Process32First
Process32Next
ReadFile
Sleep
SystemTimeToTzSpecificLocalTime
TerminateProcess
VirtualAllocEx
WideCharToMultiByte
WriteFile
WriteProcessMemory
CreateMutexA
lstrcmpA
lstrcmpiA
lstrcpyA
lstrlenA
lstrlenW
FindFirstFileA
FindClose
FileTimeToSystemTime
ExitThread
ExitProcess
CreateFileA
CopyFileA
ConnectNamedPipe
CloseHandle
DisconnectNamedPipe
DeleteFileA
DeviceIoControl
CreateToolhelp32Snapshot
CreateThread
MultiByteToWideChar
CreateRemoteThread
GlobalAlloc
lstrcatA
user32
EnumWindows
DispatchMessageA
DestroyWindow
CreateWindowExA
wsprintfA
ExitWindowsEx
GetForegroundWindow
GetMessageA
GetWindowDC
GetWindowRect
GetWindowTextA
RegisterClassA
ReleaseDC
ShowWindow
TranslateMessage
advapi32
LookupPrivilegeValueA
IsTextUnicode
DeleteService
CreateServiceA
ControlService
CloseServiceHandle
OpenProcessToken
OpenSCManagerA
OpenServiceA
RegCloseKey
RegCreateKeyA
RegEnumValueA
RegOpenKeyA
RegQueryValueExA
RegSetValueExA
StartServiceA
ChangeServiceConfigA
AdjustTokenPrivileges
shlwapi
StrDupA
StrRChrIA
StrStrIA
StrToIntA
shell32
SHGetFolderPathA
ShellExecuteA
gdi32
GetDIBits
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
DeleteDC
DeleteObject
SelectObject
wininet
InternetConnectA
InternetGetConnectedState
InternetOpenA
InternetCloseHandle
HttpSendRequestA
HttpOpenRequestA
HttpAddRequestHeadersA
FindNextUrlCacheEntryA
FindFirstUrlCacheEntryA
FindCloseUrlCache
DeleteUrlCacheEntryA
urlmon
URLOpenBlockingStreamA
URLDownloadToFileA
URLOpenPullStreamA
crypt32
CertCloseStore
PFXExportCertStoreEx
CertOpenSystemStoreA
ws2_32
WSAStartup
__WSAFDIsSet
accept
bind
closesocket
connect
gethostbyname
gethostname
inet_addr
listen
recv
select
send
socket
inet_ntoa
WSAGetLastError
gethostbyaddr
recvfrom
WSAIoctl
setsockopt
Sections
.text Size: 44KB - Virtual size: 86KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tDATE Size: 235B - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ