845230ada472c8cb05ec531a6337ff15_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

845230ada472c8cb05ec531a6337ff15_JaffaCakes118
Size

775KB
MD5

845230ada472c8cb05ec531a6337ff15
SHA1

dfc4fce3ec66de548fc196f802d975849e5e4d22
SHA256

05e5dbac7fdb862dc91d1f871e110cebdef94277e0b9f839310fc7e88608c69b
SHA512

65605de0830546760981ff0b9f5d64db464b949b691ff3609b7c82885cea9a016f6584e2a8aac8f8df503174fe55dc565e148915fe734f6bfb77a0c90ab77bb9
SSDEEP

12288:jLjv14/UxCYga6Euzjo2865Ygh9rE1L/DLLMqWcTsk5j9x0NP29GS5tcw+:jLjv41aQjo2lSWE1jDTlT59x0NGGSPb+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
845230ada472c8cb05ec531a6337ff15_JaffaCakes118

Files

845230ada472c8cb05ec531a6337ff15_JaffaCakes118
.exe windows:5 windows x86 arch:x86

ea4277dcd1b604f3f0dd9e0b423577c8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

shell32 kernel32

ShellExecuteA ��

kernel32

GetCurrentThreadId
GetLastError
ExitProcess
ExitThread
CreateThread
WriteFile
UnhandledExceptionFilter
SetFilePointer
SetEndOfFile
RtlUnwind
ReadFile
RaiseException
GetStdHandle
GetFileSize
GetFileType
CreateFileA
CloseHandle
GetCommandLineA
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleA
GetModuleFileNameA
FreeLibrary
HeapFree
HeapReAlloc
HeapAlloc
GetProcessHeap
lstrcpynA
lstrcpyA
lstrcmpA
WriteProcessMemory
WriteFile
WinExec
WaitForSingleObject
VirtualProtectEx
VirtualAllocEx
TerminateProcess
SuspendThread
SleepEx
Sleep
SizeofResource
SetThreadContext
SetFileTime
SetFilePointer
SetFileAttributesA
SetEvent
SetErrorMode
ResumeThread
ReadProcessMemory
ReadFile
PeekNamedPipe
OpenProcess
OpenMutexA
MoveFileA
LockResource
LocalFileTimeToFileTime
LoadResource
LoadLibraryA
LeaveCriticalSection
InitializeCriticalSection
GlobalUnlock
GlobalLock
GlobalFree
GlobalAlloc
GetVolumeInformationA
GetVersionExA
GetTickCount
GetThreadContext
GetSystemInfo
GetSystemDirectoryA
GetProcAddress
GetModuleHandleA
GetLogicalDriveStringsA
GetLastError
GetFileSize
GetFileAttributesA
GetExitCodeThread
GetExitCodeProcess
GetDriveTypeA
GetDiskFreeSpaceExA
GetCurrentThreadId
GetCurrentProcess
GetComputerNameA
FreeResource
FreeLibrary
FindResourceA
FindNextFileA
FindFirstFileA
FindClose
FileTimeToLocalFileTime
FileTimeToDosDateTime
EnterCriticalSection
DosDateTimeToFileTime
DeleteFileA
DeleteCriticalSection
CreateThread
CreateProcessA
CreatePipe
CreateMutexA
CreateFileA
CreateEventA
CreateDirectoryA
CopyFileA
CloseHandle
GlobalMemoryStatusEx
GetVersionExA

user32

CharNextA
CreateWindowExA
mouse_event
keybd_event
UnregisterHotKey
TranslateMessage
ShowWindow
SetWindowTextA
SetThreadDesktop
SetRectEmpty
SetRect
SetProcessWindowStation
SetFocus
SetCursorPos
SetClipboardData
SendMessageA
ReleaseDC
RegisterHotKey
RegisterClassA
PostMessageA
PeekMessageA
OpenWindowStationA
OpenInputDesktop
OpenDesktopA
OpenClipboard
OemToCharA
MsgWaitForMultipleObjects
MapVirtualKeyA
LoadCursorA
IsCharAlphaNumericA
IsCharAlphaA
GetUserObjectInformationA
GetThreadDesktop
GetSystemMetrics
GetProcessWindowStation
GetMessageA
GetLastInputInfo
GetDesktopWindow
GetDC
GetCursorPos
GetClipboardData
FlashWindow
ExitWindowsEx
EmptyClipboard
DrawIcon
DispatchMessageA
DestroyWindow
DefWindowProcA
CloseWindowStation
CloseDesktop
CloseClipboard

advapi32

RegSetValueExA
RegQueryValueExA
RegOpenKeyA
RegEnumKeyA
RegCreateKeyExA
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA
GetUserNameA
AdjustTokenPrivileges
StartServiceA
OpenServiceA
OpenSCManagerA
DeleteService
CreateServiceA
ControlService
CloseServiceHandle

gdi32

SetDIBColorTable
SelectPalette
SelectObject
RealizePalette
PatBlt
GetSystemPaletteEntries
GetStockObject
GetPaletteEntries
GetObjectA
GetDeviceCaps
GetDIBits
GetDIBColorTable
GdiFlush
DeleteObject
DeleteDC
CreatePalette
CreateHalftonePalette
CreateFontA
CreateDIBSection
CreateCompatibleDC
CreateCompatibleBitmap
CreateBitmap
BitBlt

msvfw32

ICCompressorFree
ICSeqCompressFrame
ICSeqCompressFrameEnd
ICSeqCompressFrameStart
ICSendMessage
ICClose
ICOpen

avicap32

capCreateCaptureWindowA
capGetDriverDescriptionA

psapi

GetModuleFileNameExA

wsock32

WSAStartup
WSAGetLastError
gethostbyname
socket
shutdown
setsockopt
send
select
recv
ntohs
ntohl
ioctlsocket
inet_ntoa
inet_addr
htons
htonl
connect
closesocket

wininet

InternetGetConnectedState
InternetReadFile
InternetOpenUrlA
InternetOpenA
InternetCloseHandle
HttpQueryInfoA

shell32

SHFileOperationA
ShellExecuteA
ShellExecuteA

ntdll

ZwUnmapViewOfSection

Sections

CODE
Size: 112KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

qq
Size: 640KB - Virtual size: 640KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

qq
Size: 18KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

qq
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

qq
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ea4277dcd1b604f3f0dd9e0b423577c8

Headers

File Characteristics

Imports

shell32 kernel32

kernel32

user32

advapi32

gdi32

msvfw32

avicap32

psapi

wsock32

wininet

shell32

ntdll

Sections

CODE Size: 112KB - Virtual size: 112KB

qq Size: 640KB - Virtual size: 640KB

qq Size: 18KB - Virtual size: 20KB

qq Size: 512B - Virtual size: 4KB

qq Size: 4KB - Virtual size: 4KB

CODE
Size: 112KB - Virtual size: 112KB

qq
Size: 640KB - Virtual size: 640KB

qq
Size: 18KB - Virtual size: 20KB

qq
Size: 512B - Virtual size: 4KB

qq
Size: 4KB - Virtual size: 4KB