Static task: static1
Behavioral task: behavioral1
Sample: 89b1e1c3c927f43d6d8108cf1422287a_JaffaCakes118.exe
Resource: win7-20240708-en
General
Target: 89b1e1c3c927f43d6d8108cf1422287a_JaffaCakes118
Size: 104KB
MD5: 89b1e1c3c927f43d6d8108cf1422287a
SHA1: d5905327f213a69f314e2503c68ef5b51c2d381e
SHA256: 49bc860fb8856436e1d540754732843f1a534901ecdd031870702bacab58ae54
SHA512: 5d13909e53e9e2355b27594f0809515337e397ab113fcc5cbd2fa9c1ac5616f91a7cfcca7649fd73ca52dcc761a6222d17a97bb8624db837a801d1889eb5d6cd
SSDEEP: 1536:aWEMKBHQwgmM++VCNeIwh8Z0u9dj+0N9QJqkKiJqTR:aWBolgmvhNuCZPhMqkKAYR
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 89b1e1c3c927f43d6d8108cf1422287a_JaffaCakes118
Files
89b1e1c3c927f43d6d8108cf1422287a_JaffaCakes118.exe windows:4 windows x86 arch:x86
12f848dea124b16c25c191491b7d6ea8
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
lstrcpyA
SetLastError
FreeLibrary
WinExec
GetTempFileNameA
CloseHandle
OpenProcess
GetModuleFileNameA
WriteFile
CreateFileA
DeleteFileA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetFileSize
FindClose
FindNextFileA
FindFirstFileA
ExpandEnvironmentStringsA
HeapAlloc
HeapCreate
HeapDestroy
HeapReAlloc
GetLastError
lstrlenW
GetWindowsDirectoryA
GetEnvironmentVariableA
GetCurrentProcess
GetModuleHandleA
ReadFile
CreateProcessA
DuplicateHandle
CreatePipe
GetStdHandle
GetTickCount
ExitProcess
CreateNamedPipeA
GetShortPathNameA
SetErrorMode
SetPriorityClass
GetProcessHeap
OutputDebugStringA
HeapFree
SetFilePointer
MoveFileA
CompareStringA
lstrcmpiA
CompareStringW
GetProcessTimes
MultiByteToWideChar
IsDebuggerPresent
GetPrivateProfileSectionNamesA
GetPrivateProfileStringA
lstrcpynA
LoadLibraryA
GetProcAddress
WideCharToMultiByte
lstrcatA
lstrcmpA
Sleep
GetFileAttributesA
GetFileTime
lstrlenA
FileTimeToSystemTime
GlobalFree
LocalFree
GetSystemInfo
GetLogicalDrives
GetDriveTypeA
GetDiskFreeSpaceA
GetSystemTime
GetComputerNameA
GlobalAlloc
GetACP
GetOEMCP
GetCurrentDirectoryA
GetVolumeInformationA
GetTempPathA
user32
LockSetForegroundWindow
wsprintfA
GetSystemMetrics
MessageBoxA
wvsprintfA
CharLowerBuffA
CharUpperBuffA
GetKeyboardLayoutNameA
EnumDisplaySettingsA
advapi32
CryptAcquireContextA
CryptHashData
CryptDeriveKey
CryptDecrypt
CryptDestroyKey
CryptDestroyHash
CryptReleaseContext
RegEnumValueW
RegQueryValueExW
RegEnumValueA
RegOpenKeyExA
RegQueryInfoKeyA
RegEnumKeyExA
RegOpenKeyA
RegEnumKeyA
RegQueryValueExA
RegCloseKey
GetUserNameA
OpenProcessToken
RegSetValueExA
RegCreateKeyA
RegDeleteValueA
AdjustTokenPrivileges
LookupPrivilegeValueA
CryptGenRandom
CryptCreateHash
oleaut32
VariantInit
SafeArrayPutElement
SafeArrayCreate
SysFreeString
SysAllocString
shell32
SHGetSpecialFolderPathA
ord680
SHGetFolderPathA
ole32
OleInitialize
CoCreateInstance
CoTaskMemFree
psapi
GetModuleFileNameExA
EnumProcesses
shlwapi
StrStrIA
crypt32
CryptUnprotectData
iphlpapi
GetNetworkParams
ws2_32
WSAStartup
gethostname
gethostbyname
inet_ntoa
urlmon
URLDownloadToFileA
Sections
.text Size: 72KB - Virtual size: 68KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 20KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE