846da0bb1945090825ceb5dbe780bf4c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

846da0bb1945090825ceb5dbe780bf4c_JaffaCakes118
Size

132KB
MD5

846da0bb1945090825ceb5dbe780bf4c
SHA1

6f8cc274dc23753f85d13dab3604da02cbc3ee45
SHA256

7902daa8ec6a970a2e9551f66ee493c998daade7fe0cc3e468713cec8e953eaf
SHA512

4c4910a6cc70bb9f87bbf69356a8aa73d1818edf799a5d7c96e84903aff5a7efddcd575de2f33b95b9c01e10217c75363b7347ad659b243c8330f80bdaaf246a
SSDEEP

3072:uT/L/mWUfRTThDzRce6l+PuURbEDlzj6I:2IRlP8iEz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
846da0bb1945090825ceb5dbe780bf4c_JaffaCakes118

Files

846da0bb1945090825ceb5dbe780bf4c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

64ba0ed08da3b84726c317d1ab4320a8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcmpA
InterlockedExchange
GetVersionExA
GetACP
GetLocaleInfoA
Process32Next
Process32First
CreateToolhelp32Snapshot
CreateRemoteThread
WriteProcessMemory
VirtualProtectEx
VirtualQueryEx
VirtualAllocEx
OpenProcess
GetCurrentProcessId
DeleteCriticalSection
GetModuleFileNameA
InitializeCriticalSection
SetFilePointer
GetFileSize
GetTickCount
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
CreateMutexA
CopyFileA
FindClose
FindFirstFileA
ExitProcess
OpenMutexA
GetVersion
LeaveCriticalSection
GetModuleHandleA
OutputDebugStringA
Module32Next
Module32First
MoveFileA
VirtualFree
ReadFile
VirtualAlloc
GetSystemDirectoryA
MultiByteToWideChar
WideCharToMultiByte
GetLocalTime
ExitThread
CreateThread
CreateProcessA
HeapReAlloc
lstrcpynA
lstrcpyW
lstrcatW
GetWindowsDirectoryW
lstrcpynW
MoveFileW
CreateFileW
DuplicateHandle
CompareStringW
GetSystemDirectoryW
GetSystemTimeAsFileTime
GetCurrentThreadId
QueryPerformanceCounter
SetStdHandle
FlushFileBuffers
LCMapStringW
LCMapStringA
GetSystemInfo
VirtualQuery
FreeLibrary
GetProcessHeap
HeapAlloc
HeapFree
FlushInstructionCache
VirtualProtect
SetLastError
lstrcmpiA
Sleep
LoadLibraryA
GetProcAddress
GetCurrentProcess
GetLastError
DeleteFileA
lstrcatA
WinExec
CreateFileA
WriteFile
CloseHandle
lstrcpyA
EnterCriticalSection
IsBadCodePtr
IsBadReadPtr
GetCPInfo
GetOEMCP
GetStringTypeW
GetStringTypeA
IsBadWritePtr
SetUnhandledExceptionFilter
HeapCreate
HeapDestroy
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetStdHandle
HeapSize
GetCommandLineA
GetStartupInfoA
TerminateProcess
RtlUnwind
InterlockedExchangeAdd

user32

CharUpperW
GetSystemMetrics
wsprintfW
wsprintfA
ExitWindowsEx
CharUpperA

advapi32

RegCreateKeyA
RegOpenKeyExW
RegSetValueExW
RegQueryInfoKeyA
RegEnumKeyExA
GetUserNameW
RegOpenKeyExA
AllocateAndInitializeSid
LookupAccountSidW
FreeSid
CryptAcquireContextA
CryptGenRandom
CryptReleaseContext
RegSetValueExA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegDeleteKeyA
RegOpenKeyA
RegQueryValueExA
RegCloseKey

shlwapi

SHDeleteValueA
SHSetValueA
SHGetValueA

userenv

GetUserProfileDirectoryA

ws2_32

setsockopt
bind
WSAIoctl
recvfrom
gethostbyaddr
WSAGetLastError
WSAStartup
gethostname
gethostbyname
ntohl
inet_addr
inet_ntoa
socket
recv
accept
listen
closesocket
WSASocketA
select
ioctlsocket
connect
send
htons
__WSAFDIsSet

urlmon

ObtainUserAgentString

netapi32

NetUserAdd
NetApiBufferFree
NetUserGetInfo
NetLocalGroupAddMembers

wininet

InternetCloseHandle
InternetConnectA
InternetOpenA
InternetReadFile
InternetOpenUrlA
HttpOpenRequestA
HttpQueryInfoA
InternetQueryOptionA
FindFirstUrlCacheEntryA
DeleteUrlCacheEntry
FindNextUrlCacheEntryA
InternetSetStatusCallback
HttpAddRequestHeadersA
FindCloseUrlCache

Sections

.text
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 155KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

64ba0ed08da3b84726c317d1ab4320a8

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shlwapi

userenv

ws2_32

urlmon

netapi32

wininet

Sections

.text Size: 92KB - Virtual size: 91KB

.rdata Size: 24KB - Virtual size: 23KB

.data Size: 12KB - Virtual size: 155KB

.text
Size: 92KB - Virtual size: 91KB

.rdata
Size: 24KB - Virtual size: 23KB

.data
Size: 12KB - Virtual size: 155KB