Static task
static1
Behavioral task
behavioral1
Sample
a9813208f7497f502868eac77ae1264e_JaffaCakes118.exe
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
a9813208f7497f502868eac77ae1264e_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
-
Target
a9813208f7497f502868eac77ae1264e_JaffaCakes118
-
Size
44KB
-
MD5
a9813208f7497f502868eac77ae1264e
-
SHA1
6324b0ac46800d3252d515c89f3c0fee6818c6e5
-
SHA256
4f74a0ef0a37a840e1a607a61ee02e8dd369bb3118219f6f3a3d4282e17cdece
-
SHA512
460ff604cc3c47b0e858394a840e0faaaeefee427d614fcd8e0f5d505a6ed17e6cd602353b4934ef50cdc30dc0b6858aa159b6537ef9b47b6deac280732e8469
-
SSDEEP
768:0ld8nSPyaTLwhHi13i9BWFy+AaQfwH5ISfRHft:0ld8n8L2Hm3impQfw/5
Malware Config
Signatures
-
Unsigned PE 1 IoCs
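Checks for a missing Authenticode signature; the sample's PE file is unsigned. Taken alone this is a weak indicator, because many legitimate executables are also unsigned.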
resource a9813208f7497f502868eac77ae1264e_JaffaCakes118
Files
-
a9813208f7497f502868eac77ae1264e_JaffaCakes118.exe windows:4 windows x86 arch:x86
0090761a549a36d15c454f4de455a2e4
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
WideCharToMultiByte
lstrlenW
WaitForSingleObject
GetCurrentProcessId
GetTickCount
Sleep
GetVolumeInformationA
TerminateProcess
OpenProcess
MoveFileExA
WriteFile
CreateFileA
FreeLibrary
ExitProcess
GetModuleHandleA
GetVersion
GetModuleFileNameA
CreateProcessA
GetTempPathA
MultiByteToWideChar
lstrlenA
FindClose
FindNextFileA
FindFirstFileA
ReadFile
GetFileSize
GetProcAddress
LoadLibraryA
GetLastError
CreateMutexA
GetStartupInfoA
GetCurrentThreadId
DeleteFileA
CloseHandle
user32
MessageBoxA
GetWindowTextA
SetForegroundWindow
GetForegroundWindow
CharToOemA
advapi32
RegQueryValueExA
RegOpenKeyA
RegCloseKey
shlwapi
SHDeleteKeyA
SHSetValueA
SHGetValueA
PathFileExistsA
ole32
CoMarshalInterThreadInterfaceInStream
CoCreateInstance
CoInitialize
CLSIDFromProgID
ws2_32
WSAStartup
gethostbyname
htons
bind
closesocket
connect
send
recv
socket
wininet
InternetCrackUrlA
InternetGetConnectedState
msvcp60
??Mstd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??0_Lockit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
oleaut32
SysAllocStringLen
SysAllocString
SysStringLen
SysFreeString
VariantClear
msvcrt
strstr
_strdup
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
_XcptFilter
_exit
_except_handler3
wcscmp
swprintf
strncat
wcsstr
wcsncpy
fgetc
strncpy
fscanf
_ftol
pow
fseek
ftell
fread
fwrite
strcmp
exit
strtok
free
malloc
fprintf
fopen
fgets
atoi
fclose
strcat
time
memcpy
memset
sprintf
__CxxFrameHandler
??2@YAPAXI@Z
_stricmp
strlen
strcpy
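Sections
Note: both sections listed below (.text and .rsrc) carry the code, execute, read and write flags. Sections that are writable and executable at once, and a .rsrc section marked as code, are atypical for ordinary compiler output and often point to a packed or self-modifying binary; entropy and unpacking analysis would be needed to confirm.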
.text Size: 36KB - Virtual size: 36KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE