896c12fc92a4deaaa1140c81bd985793_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

896c12fc92a4deaaa1140c81bd985793_JaffaCakes118
Size

59KB
MD5

896c12fc92a4deaaa1140c81bd985793
SHA1

fdd5bdaa329b8ba62afada0f7ec4cb465d40a0e1
SHA256

6a34009c56baf13c121d40387df40d1b2c005a0c66b8b8c24384779dd5a7e115
SHA512

0510ce1d6ef1d877a65a031bffd72c13a5b920c659250e1d5ad6098c8bd9d34af1b7fbe00a8878f351719c0aeceb1288669690d7a68780603fb8edc478ac8476
SSDEEP

1536:pVfDF4Nnc8YI1BKcSeku7ScHv10BAPxk4zPoE:HfDF4fYIvKcMcP0yk2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
896c12fc92a4deaaa1140c81bd985793_JaffaCakes118

Files

896c12fc92a4deaaa1140c81bd985793_JaffaCakes118
.exe windows:4 windows x86 arch:x86

8cac96481a8206cbe930e75adbccfcf8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcp60

??1_Winit@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

user32

BringWindowToTop
ShowWindow
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
BlockInput
wsprintfA
CharLowerA
FindWindowExA
SendMessageA
IsWindow
FindWindowA
SetForegroundWindow
SetFocus
VkKeyScanA
keybd_event
GetWindowTextA
GetMenu
EnumWindows

ole32

CoInitialize
CoUninitialize
CoCreateInstance

oleaut32

SysFreeString
VariantClear
SysAllocString
VariantInit

kernel32

GlobalLock
GlobalUnlock
GlobalAlloc
GetLocaleInfoA
CreateMutexA
GetStartupInfoA
InterlockedDecrement
CopyFileA
CreateDirectoryA
GetVersionExA
FindClose
MultiByteToWideChar
GetWindowsDirectoryA
GetFileAttributesA
GetLogicalDriveStringsA
SetFileAttributesA
TerminateThread
GetDriveTypeA
FindFirstFileA
SetCurrentDirectoryA
GetFullPathNameA
lstrcatA
FindNextFileA
ReleaseMutex
GetFileSize
SetFilePointer
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
GlobalFree
lstrlenA
lstrcpyA
lstrcmpA
ExitThread
Sleep
GetTempPathA
ExitProcess
GetLastError
CreateThread
lstrcmpiA
GetTickCount
QueryPerformanceCounter
QueryPerformanceFrequency
WaitForSingleObject
CreateProcessA
CloseHandle
WriteFile
CreateFileA
ExpandEnvironmentStringsA
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
LoadLibraryA
lstrcpynA

msvcrt

_strlwr
_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_onexit
__dllonexit
strncat
fopen
fread
strtok
_snprintf
toupper
strncpy
strstr
strlen
strcpy
rand
strcmp
sprintf
system
strchr
atoi
__CxxFrameHandler
_EH_prolog
srand
memset
memcpy
strcat
free
malloc
memcmp
_vsnprintf
??2@YAPAXI@Z
_strdup
getenv

advapi32

RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA

ws2_32

socket
sendto
htons
closesocket
setsockopt
WSACleanup
WSASocketA
WSAStartup
connect
ioctlsocket

urlmon

URLDownloadToFileA

Sections

.text
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 280KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

8cac96481a8206cbe930e75adbccfcf8

Headers

File Characteristics

Imports

msvcp60

user32

ole32

oleaut32

kernel32

msvcrt

advapi32

ws2_32

urlmon

Sections

.text Size: 43KB - Virtual size: 43KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 9KB - Virtual size: 280KB

.text
Size: 43KB - Virtual size: 43KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 9KB - Virtual size: 280KB