a9acc1fc032367bd4b84f3ec6b2e0a57_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a9acc1fc032367bd4b84f3ec6b2e0a57_JaffaCakes118
Size

60KB
MD5

a9acc1fc032367bd4b84f3ec6b2e0a57
SHA1

1f1ce0cb0427ca7bee298dd6e3d7a803596a031e
SHA256

035acf00c8bc5f92cd23baf9a57a6299bfded48be859c5f9e82ad511358a3c56
SHA512

2a71939b8935b91a8c037512efe2c38098478ee12ad9d77496b5421b5fee6a1e6d7abce79a79eeeb5d444ec7f61afe90f43ee861867af4c2e294eda9c9d9e63d
SSDEEP

768:sf8l0JS5NVc7MsiUDVXehqEkevyNzCVdK:c8lkSTVRstehqneKpCV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a9acc1fc032367bd4b84f3ec6b2e0a57_JaffaCakes118

Files

a9acc1fc032367bd4b84f3ec6b2e0a57_JaffaCakes118
.exe windows:4 windows x86 arch:x86

e103d6dba59a8922490944a35ca0e63f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentProcessId
GetCurrentThreadId
GetProcAddress
GetVersionExA
GetModuleHandleA
GetModuleFileNameA
UnmapViewOfFile
lstrcmpiA
HeapFree
lstrcpyA
GetLastError
HeapReAlloc
lstrlenA
GetSystemDirectoryA
InitializeCriticalSection
ExitProcess
WaitForSingleObjectEx
CloseHandle
SetEvent
OpenEventA
InterlockedIncrement
WaitForSingleObject
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
MapViewOfFile
OpenFileMappingA
GetFileAttributesA
CreateFileMappingA
DeleteFileA
OutputDebugStringA
lstrcatA
GetTickCount
PulseEvent
CreateRemoteThread
MapViewOfFileEx
IsBadReadPtr
VirtualAlloc
SetThreadContext
WriteProcessMemory
VirtualProtectEx
GetThreadContext
ResumeThread
DuplicateHandle
OpenProcess
CreateProcessA
TerminateProcess
Process32Next
Process32First
CreateToolhelp32Snapshot
VirtualAllocEx
VirtualFreeEx
GlobalFree
CreateThread
SetFileTime
GetFileTime
CreateFileA
CopyFileA
Sleep
GetWindowsDirectoryA
CreateEventA
CreateMutexA
ReleaseMutex
GetFileSize
RemoveDirectoryA
ExitThread
OpenFile
_lclose
TerminateThread
lstrcpynA
LoadLibraryA
FreeLibrary
lstrcmpA
GetProcessHeap
HeapAlloc
FlushInstructionCache
VirtualProtect
SetLastError
GetCurrentProcess
GlobalAlloc
VirtualFree

user32

MessageBoxA
wsprintfA

advapi32

RegQueryValueExA
SetSecurityDescriptorDacl
OpenProcessToken
GetTokenInformation
AdjustTokenPrivileges
RegCloseKey
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegDeleteValueA
InitializeSecurityDescriptor

oleaut32

SysFreeString
SysAllocString

wininet

InternetOpenA
InternetReadFile
InternetQueryDataAvailable
InternetOpenUrlA
InternetCrackUrlA
InternetCanonicalizeUrlA
HttpOpenRequestA
HttpSendRequestA
HttpQueryInfoA
InternetCloseHandle
InternetConnectA

shlwapi

SHDeleteKeyA

rpcrt4

UuidToStringA
RpcStringFreeA
UuidCreate

urlmon

CoInternetGetSession

Exports

Exports

?unzip@@YAPAXPADPAK@Z
InstallHook
_WorkProc@4
__mp@4

Sections

.text
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

e103d6dba59a8922490944a35ca0e63f

Headers

File Characteristics

Imports

kernel32

user32

advapi32

oleaut32

wininet

shlwapi

rpcrt4

urlmon

Exports

Exports

Sections

.text Size: 54KB - Virtual size: 54KB

.reloc Size: 4KB - Virtual size: 4KB

Size: 512B - Virtual size: 4KB

.text
Size: 54KB - Virtual size: 54KB

.reloc
Size: 4KB - Virtual size: 4KB