84cc3567c8d2a135d3c7063c29fd2ce6_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

84cc3567c8d2a135d3c7063c29fd2ce6_JaffaCakes118
Size

323KB
MD5

84cc3567c8d2a135d3c7063c29fd2ce6
SHA1

a8c8e1f38d8c027da07c841e0e633a8bd4015139
SHA256

e97b0079f946f4b3553c340fd4a029948fb753ae7adf264ea2f3e3e56384b6d5
SHA512

dc4b3771f69966aa85d416741d6aed97b8239301e7f3004dbb06059bec66b66f2f7a6962cfd755ac60b5fa86e65cf4d4fa118736406b87a0c79260670ca2b250
SSDEEP

6144:Cpk8yJc7Mm5OljOzW/DeEL9XjEovQZivNXLkrr0EOcpRdqtTS4W:CuqMm5g7DeEBXjEoSil7kr44wW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
84cc3567c8d2a135d3c7063c29fd2ce6_JaffaCakes118

Files

84cc3567c8d2a135d3c7063c29fd2ce6_JaffaCakes118
.exe windows:5 windows x86 arch:x86

34b2a3cc38fe315dbb33b7f5c8d27d80

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\sogoupy_R_5_2\PinyinDev\bin\SogouInput\SogouCloud.pdb

Imports

imm32

ImmDisableIME

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

ws2_32

send
WSAStartup
WSACleanup
gethostbyaddr
closesocket
WSASetLastError
getservbyname
socket
recv
getservbyport
setsockopt
ntohs
gethostbyname
connect
inet_ntoa
htons
WSAGetLastError
htonl
inet_addr

kernel32

CreateFileMappingW
OpenFileMappingW
CloseHandle
GetCommandLineW
GetCurrentProcess
GetModuleHandleW
LoadLibraryW
GetModuleFileNameW
GetTempPathW
GetProcAddress
GetCurrentProcessId
InterlockedIncrement
SetFilePointer
CreateProcessW
WriteFile
FormatMessageW
ExitThread
SetLastError
CreateEventW
WaitForMultipleObjects
GetCurrentThreadId
DuplicateHandle
LocalFree
CreateThread
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
Sleep
OpenEventW
FindFirstFileW
FindClose
LocalAlloc
FindNextFileW
CreateMutexW
WaitForSingleObject
OpenMutexW
ReleaseMutex
MoveFileExW
CreateDirectoryW
FileTimeToSystemTime
DeleteFileW
SetFileAttributesW
WideCharToMultiByte
MultiByteToWideChar
GetSystemDirectoryW
RemoveDirectoryW
GetLastError
ReadFile
FlushFileBuffers
VirtualQuery
SetUnhandledExceptionFilter
GetLocalTime
lstrcatW
IsDebuggerPresent
lstrcpyW
SetEvent
ConnectNamedPipe
CreateNamedPipeW
InterlockedExchange
GetOverlappedResult
DisconnectNamedPipe
FreeLibrary
GetSystemDirectoryA
LoadLibraryA
HeapFree
HeapAlloc
HeapReAlloc
GetStartupInfoW
GetSystemTimeAsFileTime
FileTimeToLocalFileTime
GetDriveTypeW
RtlUnwind
TerminateProcess
UnhandledExceptionFilter
HeapCreate
VirtualFree
VirtualAlloc
ExitProcess
GetStdHandle
GetModuleFileNameA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedDecrement
HeapSize
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetTickCount
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
RaiseException
GetFullPathNameW
GetCurrentDirectoryA
GetTimeZoneInformation
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetDriveTypeA
CreateFileA
CompareStringA
CompareStringW
SetEnvironmentVariableA
CreateFileW
UnmapViewOfFile
MapViewOfFile
GetFileSize

user32

wvsprintfW
GetSystemMetrics

advapi32

OpenProcessToken
LookupAccountSidW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
BuildExplicitAccessWithNameW
GetSecurityDescriptorSacl
GetSidLengthRequired
SetEntriesInAclW
SetSecurityInfo
ConvertStringSecurityDescriptorToSecurityDescriptorW
InitializeAcl
GetNamedSecurityInfoW
SetNamedSecurityInfoW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetTokenInformation
AddAccessAllowedAceEx

shell32

SHGetFolderPathW

wininet

InternetGetConnectedState

Sections

.text
Size: 151KB - Virtual size: 151KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 10KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.drdata
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

34b2a3cc38fe315dbb33b7f5c8d27d80

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

imm32

version

ws2_32

kernel32

user32

advapi32

shell32

wininet

Sections

.text Size: 151KB - Virtual size: 151KB

.rdata Size: 42KB - Virtual size: 42KB

.data Size: 10KB - Virtual size: 23KB

.rsrc Size: 27KB - Virtual size: 26KB

.reloc Size: 14KB - Virtual size: 13KB

.drdata Size: 72KB - Virtual size: 72KB

.text
Size: 151KB - Virtual size: 151KB

.rdata
Size: 42KB - Virtual size: 42KB

.data
Size: 10KB - Virtual size: 23KB

.rsrc
Size: 27KB - Virtual size: 26KB

.reloc
Size: 14KB - Virtual size: 13KB

.drdata
Size: 72KB - Virtual size: 72KB