a7fe27c1804ca6fa448f3bace5f2eeef_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a7fe27c1804ca6fa448f3bace5f2eeef_JaffaCakes118
Size

254KB
MD5

a7fe27c1804ca6fa448f3bace5f2eeef
SHA1

a904e48e7ddbdc25cdef28163bc88fa9c4de2934
SHA256

5d0415567be88c7ec36fef0ffd7d3a1f128c8e079abbe18826102739f699a60a
SHA512

5f2ffb54fbf9fe307bebbde41e09c8ab61084a276bab78812c8bb1498571deea067c7ed87d79558ead61be191d69970d30a80f1e4ae5dcba5de636aa91a7d663
SSDEEP

1536:xfUFyZnxWACfvNRX1/WtmadL7VwGbrbGCfXPVwhmqXcoJQ8H:xfUYafv3X1uEadVwGbrbGCfX6hZJbH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a7fe27c1804ca6fa448f3bace5f2eeef_JaffaCakes118

Files

a7fe27c1804ca6fa448f3bace5f2eeef_JaffaCakes118
.exe windows:4 windows x86 arch:x86

3f27bdfa97d60db56d1147820ca1e96b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_except_handler3
__set_app_type
__p__fmode
strstr
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_onexit
__dllonexit
wcstok
vsprintf
calloc
_memicmp
strcat
strncmp
strtok
sscanf
isxdigit
wcscmp
strncpy
wcslen
??2@YAPAXI@Z
??3@YAXPAX@Z
sprintf
wcsstr
srand
rand
_snwprintf
malloc
strcmp
memcpy
memcmp
free
strcpy
atoi
wcscpy
_snprintf
memset
tolower
isspace
isprint
strlen
_controlfp

ws2_32

ioctlsocket
connect
send
htons
socket
select
recv
gethostbyname
sendto
WSACleanup
getpeername
ntohs
inet_ntoa
closesocket
WSAStartup
inet_addr

ntdll

NtQueryInformationThread
NtWriteVirtualMemory
RtlUnicodeStringToAnsiString
RtlFreeAnsiString

advapi32

FreeSid
RegDeleteValueW
RegEnumValueW
RegCreateKeyExA
RegSetValueExA
RegDeleteValueA
RegNotifyChangeKeyValue
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
AllocateAndInitializeSid
CheckTokenMembership
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
GetUserNameW
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges

kernel32

CreateMutexA
GetLastError
InitializeCriticalSection
DeleteCriticalSection
SetErrorMode
OpenMutexA
WaitForSingleObject
CreateThread
CreateProcessW
CreateProcessA
MultiByteToWideChar
SetFileAttributesW
CopyFileW
WideCharToMultiByte
ReleaseMutex
ExitProcess
DeleteFileW
lstrcmpiA
OpenProcess
CreateRemoteThread
VirtualFree
GetCurrentProcess
GetProcAddress
VirtualAlloc
CreateFileMappingA
MapViewOfFile
GetModuleFileNameW
ReadProcessMemory
GetCurrentProcessId
GetStartupInfoA
OpenFileMappingA
lstrcpyA
GetThreadContext
SetThreadContext
ResumeThread
TerminateProcess
FindFirstFileA
FindNextFileA
FindClose
RemoveDirectoryA
CreateDirectoryA
lstrcpynA
MoveFileExW
GetLogicalDriveStringsA
QueryDosDeviceA
ExitThread
lstrlenA
HeapReAlloc
lstrcmpW
CreateEventA
DisconnectNamedPipe
FlushFileBuffers
ReadFile
ConnectNamedPipe
CreateNamedPipeA
HeapFree
VirtualProtect
WriteFile
HeapAlloc
DeleteFileA
SetFileAttributesA
LeaveCriticalSection
EnterCriticalSection
GetModuleHandleA
GetVersionExA
LockFile
GetFileSize
CreateFileW
UnlockFile
GetFileAttributesA
UnmapViewOfFile
CloseHandle
DeviceIoControl
CreateFileA
GetProcessHeap
LoadLibraryA
ExpandEnvironmentStringsW
Sleep
GetTickCount
WriteProcessMemory
VirtualAllocEx
Process32Next
Process32First
CreateToolhelp32Snapshot
GetCommandLineA

shell32

SHGetSpecialFolderPathA
SHGetSpecialFolderPathW
ShellExecuteA

psapi

GetModuleFileNameExW
GetProcessImageFileNameA
GetModuleFileNameExA

shlwapi

StrStrIW
PathAppendA
PathFindExtensionA
StrCmpIW
AssocQueryStringA
StrStrIA
StrCmpNIA
StrCmpNA

wintrust

WinVerifyTrust

urlmon

ObtainUserAgentString

wininet

DeleteUrlCacheEntryA
InternetOpenA
InternetOpenUrlA
InternetCloseHandle
HttpQueryInfoA
InternetReadFile
InternetQueryOptionA
HttpQueryInfoW

user32

PostQuitMessage
DispatchMessageA
CharLowerBuffA
UnregisterDeviceNotification
GetMessageA
RegisterDeviceNotificationA
CreateWindowExA
RegisterClassExA
DefWindowProcA
TranslateMessage

ole32

CoCreateInstance
CoUninitialize
CoInitialize

Sections

.text
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3f27bdfa97d60db56d1147820ca1e96b

Headers

File Characteristics

Imports

msvcrt

ws2_32

ntdll

advapi32

kernel32

shell32

psapi

shlwapi

wintrust

urlmon

wininet

user32

ole32

Sections

.text Size: 39KB - Virtual size: 38KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 8KB - Virtual size: 43KB

.reloc Size: 5KB - Virtual size: 4KB

.text
Size: 39KB - Virtual size: 38KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 8KB - Virtual size: 43KB

.reloc
Size: 5KB - Virtual size: 4KB