f:\SecurityProg\kgg\ManualMap\ManualMapMainNew\bin\Main.pdb
Static task
static1
Behavioral task
behavioral1
Sample
87b49829937d35db62c5ad9d4084db13_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
87b49829937d35db62c5ad9d4084db13_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
Target: 87b49829937d35db62c5ad9d4084db13_JaffaCakes118
Size: 171KB
MD5: 87b49829937d35db62c5ad9d4084db13
SHA1: 6b3536b935a485ce51258f5083b976f1481a04fe
SHA256: aa6a02aa990ec2bce2307c6bf181c228ad4a9eb471b1ba9e640e4344aeee3ece
SHA512: f2e8fdd2aefb095182ec6c3324c885b53a0b5b39d4de9f55ec25f185251107660f234bb3e8c95e05b8b7272830465f44615649467d9f77cf654a2311bab15672
SSDEEP: 3072:Yw1ndiJ9CdaFDlRN9saNwyRS174jmoa7nqSPQqsmrjhw8p5X0:Yw1ndg9CdsRRasmoCnqSPPnz0
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 87b49829937d35db62c5ad9d4084db13_JaffaCakes118
Files
87b49829937d35db62c5ad9d4084db13_JaffaCakes118.exe windows:5 windows x86 arch:x86
d84c6508005d8122a5fa88c6a4c11c18
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
ws2_32
WSAStartup
inet_ntoa
gethostbyname
WSACleanup
gethostname
kernel32
LoadLibraryA
GetSystemDirectoryA
CloseHandle
CreateFileA
GetFileSize
Sleep
VirtualFreeEx
CreateRemoteThread
GetCurrentProcess
GetLastError
OpenMutexA
CopyFileA
SetFileAttributesA
GetSystemTime
GetModuleHandleA
GetModuleFileNameA
ExitProcess
CreateMutexA
Process32Next
Process32First
CreateToolhelp32Snapshot
GetModuleHandleW
OpenProcess
VirtualAllocEx
VirtualProtect
WriteProcessMemory
ReadFile
VirtualProtectEx
LoadLibraryExA
Module32Next
GetProcAddress
SizeofResource
LockResource
LoadResource
FindResourceA
FileTimeToSystemTime
SetFilePointer
GetFileInformationByHandle
MapViewOfFile
CreateFileMappingA
WriteFile
UnmapViewOfFile
SystemTimeToFileTime
GetLocalTime
GetTickCount
lstrlenA
GetProcessHeap
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
SetStdHandle
GetVersionExA
GetStringTypeW
GetSystemInfo
InitializeCriticalSectionAndSpinCount
GetStringTypeA
Module32First
GetLocaleInfoA
GetConsoleMode
GetConsoleCP
GetSystemTimeAsFileTime
RtlUnwind
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
MultiByteToWideChar
DeleteFileA
HeapAlloc
GetCommandLineA
GetStartupInfoA
HeapFree
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapSize
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
WideCharToMultiByte
LCMapStringW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
VirtualFree
VirtualAlloc
HeapReAlloc
HeapCreate
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetCurrentProcessId
user32
MessageBoxA
GetKeyState
GetWindowThreadProcessId
GetDesktopWindow
SetWindowsHookExA
SetTimer
GetMessageA
DispatchMessageA
GetKeyboardLayout
MapVirtualKeyExA
GetKeyboardState
ToUnicodeEx
CallNextHookEx
GetForegroundWindow
advapi32
RegSetValueExA
LookupPrivilegeValueA
OpenProcessToken
AdjustTokenPrivileges
GetUserNameA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
ole32
CoInitialize
CoCreateInstance
oleaut32
VariantClear
SysAllocString
shlwapi
StrStrIA
Sections
.text Size: 134KB - Virtual size: 134KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 30KB - Virtual size: 30KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 63KB - Virtual size: 63KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ