d:\mmut\mutator8.3\tmp\dd09029db63fcd9b92a9bc778509c6bf\installator1.pdb
Static task
static1
Behavioral task
behavioral1
Sample
a259b86ed21ef638ad7504f99670b131_JaffaCakes118.exe
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
a259b86ed21ef638ad7504f99670b131_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
Target
a259b86ed21ef638ad7504f99670b131_JaffaCakes118
Size
355KB
MD5
a259b86ed21ef638ad7504f99670b131
SHA1
58781ea87d4c1d7d7b85aa11c02710957e8690de
SHA256
15aa0c304757d07820de987bc61c8dc7132a6bfcc5e6c541d2b136311bcfd491
SHA512
e7b38200e4a8da8faf7bef888a95f86e2ac698486f943459ce6fcb46f9191167d0e118a5926a89596ce3e67e5334e2cf84f72ce6b03f3dd952db95d2a721ff5a
SSDEEP
6144:67+zO64UawoET6rvObzEw636oP3bNk2XQvaxVGbeyCEv36pzXFDu/zb7Iioau/z:67+zO64pwoET6rvObzEw636oP3WeQvaU
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource a259b86ed21ef638ad7504f99670b131_JaffaCakes118
Files
a259b86ed21ef638ad7504f99670b131_JaffaCakes118.exe windows:5 windows x86 arch:x86
8bb46bf3d0157cf1c9329b0cd01c40ea
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
user32
GetWindow
advapi32
RegEnumValueA
RegQueryValueExA
RegCloseKey
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
LookupAccountSidA
GetTokenInformation
OpenProcessToken
ws2_32
WSAStartup
WSACleanup
wininet
InternetOpenUrlA
InternetCloseHandle
InternetOpenA
InternetReadFile
HttpQueryInfoA
netapi32
NetUserGetInfo
NetApiBufferFree
kernel32
RtlUnwind
GetProcessHeap
SetEndOfFile
CompareStringW
CompareStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
HeapReAlloc
VirtualAlloc
GetLocaleInfoA
GetCompressedFileSizeA
GetCommandLineA
CloseHandle
UnlockFile
WriteFile
LockFile
SetFilePointer
ReadFile
CreateFileA
GetLogicalDriveStringsA
CreateMutexA
ExitProcess
OpenMutexA
Sleep
CreateProcessA
CopyFileA
GetModuleFileNameA
GetEnvironmentVariableA
GetShortPathNameA
GetCurrentProcess
MultiByteToWideChar
SetEnvironmentVariableA
CreateThread
SetFileAttributesA
GetLastError
CreateDirectoryA
GetLocalTime
GetVolumeInformationA
GetDriveTypeA
GetTimeFormatA
GetDateFormatA
GetTimeZoneInformation
GetSystemTimeAsFileTime
WideCharToMultiByte
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
FindFirstFileA
FindNextFileA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetModuleHandleW
GetProcAddress
GetStartupInfoA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
TerminateProcess
IsDebuggerPresent
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleA
HeapFree
HeapAlloc
GetStdHandle
SetStdHandle
GetFileType
GetConsoleCP
GetConsoleMode
SetHandleCount
FlushFileBuffers
GetFullPathNameA
GetCurrentDirectoryA
LoadLibraryA
InitializeCriticalSectionAndSpinCount
RaiseException
HeapSize
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
Sections
.text Size: 248KB - Virtual size: 247KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 101KB - Virtual size: 100KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 36KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE