Static task: static1
Behavioral task: behavioral1
  Sample: 84d0e75f344b2e369359430dfd4bc338_JaffaCakes118.exe
  Resource: win7-20240704-en
Behavioral task: behavioral2
  Sample: 84d0e75f344b2e369359430dfd4bc338_JaffaCakes118.exe
  Resource: win10v2004-20240802-en
General
Target: 84d0e75f344b2e369359430dfd4bc338_JaffaCakes118
Size: 84KB
MD5: 84d0e75f344b2e369359430dfd4bc338
SHA1: 57d3d9f92f0f17906067c9c0eaa76c3bdd708e94
SHA256: 6104ec6cf496fdc8ed4f3bf3dbe3db0af11d4d3fe76f1d3049018b70b5d53d4d
SHA512: 054d4f887507a3bbaa29a908f2beaf899e03238db0c7225fc06636fadee3563887c747eceb6f58567350e79871be9ed5b777a45d9395da9392de0f89bdc3aeaa
SSDEEP: 1536:ZO7Zp8T3BwAJqKtXsoqFlZ17XCRWHuLznzA5r/T:87z8TTqKtXsjFlZ15Hur6r/
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  Resource: 84d0e75f344b2e369359430dfd4bc338_JaffaCakes118
Files
84d0e75f344b2e369359430dfd4bc338_JaffaCakes118.exe (windows:5, windows x86, arch:x86)
7b75c9ab7561a18f7b789fd69d6cc5fc
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
LoadLibraryA
GlobalLock
InitializeCriticalSection
LeaveCriticalSection
GlobalUnlock
EnterCriticalSection
GetLastError
SetLastError
ResetEvent
GetEnvironmentVariableW
FileTimeToDosDateTime
GetTempFileNameW
HeapReAlloc
CreateMutexW
FindFirstFileW
SetEndOfFile
CreateProcessW
HeapAlloc
SystemTimeToFileTime
SetFilePointerEx
HeapFree
GetProcessHeap
IsBadReadPtr
SetFileTime
VirtualQueryEx
WriteFile
Thread32First
WideCharToMultiByte
WriteProcessMemory
SetFileAttributesW
HeapCreate
Thread32Next
ReadFile
GetTimeZoneInformation
MultiByteToWideChar
FlushFileBuffers
GetTempPathW
GetFileSizeEx
OpenMutexW
VirtualProtectEx
VirtualAllocEx
FindClose
RemoveDirectoryW
FindNextFileW
VirtualProtect
GetFileTime
ReleaseMutex
FileTimeToLocalFileTime
GetVolumeNameForVolumeMountPointW
DeleteFileW
GetFileInformationByHandle
CreateThread
ExpandEnvironmentStringsW
GetLocalTime
GetCurrentProcessId
DuplicateHandle
WTSGetActiveConsoleSessionId
CreateFileW
LoadLibraryW
CreateDirectoryW
FreeLibrary
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
OpenEventW
GetProcAddress
OpenProcess
HeapDestroy
CreateRemoteThread
VirtualFree
GetModuleHandleW
SetEvent
GetComputerNameW
SetErrorMode
GetCommandLineW
ExitProcess
WaitForMultipleObjects
CreateEventW
GetUserDefaultUILanguage
lstrcmpiW
GetModuleFileNameW
GetThreadContext
GetFileAttributesW
Sleep
GetTickCount
MoveFileExW
lstrcmpiA
SetThreadPriority
GetCurrentThread
WaitForSingleObject
LocalFree
GetVersionExW
GetNativeSystemInfo
GetSystemTime
CloseHandle
GetFileAttributesExW
GetProcessId
VirtualAlloc
VirtualFreeEx
SetThreadContext
ReadProcessMemory
user32
PeekMessageW
CharUpperW
CharLowerA
CharLowerW
CharLowerBuffA
MsgWaitForMultipleObjects
DispatchMessageW
GetKeyboardState
LoadImageW
ExitWindowsEx
CharToOemW
GetClipboardData
TranslateMessage
GetCursorPos
GetIconInfo
DrawIcon
ToUnicode
advapi32
LookupPrivilegeValueW
SetNamedSecurityInfoW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
CreateProcessAsUserW
RegQueryValueExW
CryptReleaseContext
RegCreateKeyExW
GetTokenInformation
GetSidSubAuthorityCount
OpenThreadToken
CryptAcquireContextW
GetSidSubAuthority
OpenProcessToken
CryptGetHashParam
EqualSid
GetLengthSid
IsWellKnownSid
ConvertSidToStringSidW
CryptCreateHash
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegOpenKeyExW
GetSecurityDescriptorSacl
SetSecurityDescriptorSacl
CryptDestroyHash
AdjustTokenPrivileges
RegCloseKey
RegSetValueExW
CryptHashData
InitiateSystemShutdownExW
shlwapi
PathRemoveFileSpecW
PathRenameExtensionW
PathRemoveBackslashW
StrCmpNIW
UrlUnescapeA
wvnsprintfW
PathIsDirectoryW
PathFindFileNameW
PathAddBackslashW
SHDeleteValueW
PathSkipRootW
SHDeleteKeyW
PathCombineW
PathAddExtensionW
PathUnquoteSpacesW
PathMatchSpecW
StrCmpNIA
wvnsprintfA
PathIsURLW
PathQuoteSpacesW
shell32
ShellExecuteW
CommandLineToArgvW
SHGetFolderPathW
secur32
GetUserNameExW
ole32
CLSIDFromString
StringFromGUID2
ws2_32
listen
closesocket
WSASetLastError
freeaddrinfo
socket
bind
recv
getpeername
recvfrom
sendto
WSAIoctl
connect
WSAStartup
getaddrinfo
select
WSAGetLastError
shutdown
setsockopt
WSAEventSelect
getsockname
accept
send
crypt32
PFXImportCertStore
PFXExportCertStoreEx
CertDeleteCertificateFromStore
CertOpenSystemStoreW
CertCloseStore
CertEnumCertificatesInStore
CertDuplicateCertificateContext
wininet
HttpSendRequestExW
InternetQueryOptionA
InternetOpenA
HttpOpenRequestA
InternetSetOptionA
InternetCrackUrlA
InternetQueryOptionW
InternetConnectA
HttpAddRequestHeadersA
HttpAddRequestHeadersW
InternetSetStatusCallbackW
GetUrlCacheEntryInfoW
HttpSendRequestA
HttpSendRequestW
InternetReadFile
InternetReadFileExA
InternetQueryDataAvailable
HttpQueryInfoA
HttpSendRequestExA
InternetCloseHandle
netapi32
NetApiBufferFree
NetUserEnum
NetUserGetInfo
Sections
.text Size: 79KB - Virtual size: 79KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ