ab433011a667281b548cabd1b416d294_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ab433011a667281b548cabd1b416d294_JaffaCakes118
Size

57KB
MD5

ab433011a667281b548cabd1b416d294
SHA1

48d27483e9cbe5ff9945579ac50fdb4d0e3a775d
SHA256

9cedf45eabf0cfab25fa5bf987581b2b02880f54de65aeb6488dc16dd1bfdae1
SHA512

37ecd154df1967e0ef4682f099b741a77a91cb78553e13f8c0d70b46d2739e196c0c5280c5b28f98f1f18a775d6fc2467159b81a5c813e763d7603a52546fe27
SSDEEP

768:mqdkQ2bxFt1hXk5FfV2/T+yFD0v7t0LQ2RwEgjt0TFCFBB+DVbyrJG+E9GwTeCFr:d2bxkfo+yFkZ0LQ2RwEg4Fh9WtwEe6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ab433011a667281b548cabd1b416d294_JaffaCakes118

Files

ab433011a667281b548cabd1b416d294_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b35a74d5353df6c398cdc784c4c13124

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
strstr
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_onexit
__dllonexit
strrchr
vsprintf
calloc
_memicmp
strcat
strncmp
strtok
??2@YAPAXI@Z
??3@YAXPAX@Z
sscanf
isxdigit
memcmp
strncpy
strcmp
malloc
sprintf
free
srand
rand
memcpy
_snprintf
atoi
strcpy
memset
tolower
isspace
isprint
strlen
_controlfp

ws2_32

inet_addr
closesocket
socket
inet_ntoa
gethostbyname
ntohs
ioctlsocket
connect
send
WSACleanup
htons
WSAStartup
sendto
select
recvfrom
getpeername

ntdll

RtlUnicodeStringToAnsiString
NtQueryInformationThread
NtWriteVirtualMemory
RtlFreeAnsiString

kernel32

GetLogicalDriveStringsA
lstrcpynA
GetCurrentProcessId
lstrlenA
HeapReAlloc
lstrcmpW
WideCharToMultiByte
ExitThread
HeapAlloc
HeapFree
MoveFileExA
CreateEventA
GetCommandLineA
GetVersionExA
UnlockFile
EnterCriticalSection
LeaveCriticalSection
DeleteFileA
WriteFile
CreateNamedPipeA
ConnectNamedPipe
ReadFile
DisconnectNamedPipe
GetModuleFileNameA
CreateMutexA
GetFileSize
LockFile
InitializeCriticalSection
DeleteCriticalSection
MultiByteToWideChar
CreateDirectoryA
GetFileAttributesA
FindClose
FindNextFileA
FindFirstFileA
SetCurrentDirectoryA
TerminateProcess
FreeLibrary
ResumeThread
SetThreadContext
WriteProcessMemory
ReadProcessMemory
GetThreadContext
GetModuleHandleA
FlushFileBuffers
GetStartupInfoA
ReleaseMutex
CreateFileMappingA
OpenFileMappingA
MapViewOfFile
lstrcpyA
CloseHandle
DeviceIoControl
CreateFileA
GetProcessHeap
LoadLibraryA
ExpandEnvironmentStringsA
Sleep
CreateThread
GetTickCount
VirtualFree
VirtualAllocEx
VirtualAlloc
Process32Next
OpenProcess
Process32First
CreateToolhelp32Snapshot
VirtualProtect
GetProcAddress
CreateRemoteThread
GetCurrentProcess
lstrcmpiA
ExitProcess
CopyFileA
SetFileAttributesA
CreateProcessA
GetLastError
WaitForSingleObject
OpenMutexA
SetErrorMode
UnmapViewOfFile

advapi32

AdjustTokenPrivileges
OpenProcessToken
GetUserNameA
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
RegNotifyChangeKeyValue
RegSetValueExA
RegDeleteValueA
RegEnumValueA
LookupPrivilegeValueA

shell32

ShellExecuteA
SHGetSpecialFolderPathA

psapi

GetModuleFileNameExA

shlwapi

StrStrIA
PathAppendA
PathFindExtensionA
AssocQueryStringA
StrCmpNA
StrCmpNIA

wintrust

WinVerifyTrust

urlmon

ObtainUserAgentString

wininet

HttpQueryInfoW
InternetOpenA
InternetOpenUrlA
InternetCloseHandle
HttpQueryInfoA
InternetReadFile
InternetQueryOptionA

user32

PostQuitMessage
RegisterDeviceNotificationA
GetMessageA
TranslateMessage
DispatchMessageA
CharLowerBuffA
RegisterClassExA
DefWindowProcA
CreateWindowExA
UnregisterDeviceNotification

ole32

CoCreateInstance
CoUninitialize
CoInitialize

oleaut32

SysAllocStringLen
SysFreeString

Sections

.text
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b35a74d5353df6c398cdc784c4c13124

Headers

File Characteristics

Imports

msvcrt

ws2_32

ntdll

kernel32

advapi32

shell32

psapi

shlwapi

wintrust

urlmon

wininet

user32

ole32

oleaut32

Sections

.text Size: 38KB - Virtual size: 38KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 7KB - Virtual size: 75KB

.reloc Size: 5KB - Virtual size: 4KB

.text
Size: 38KB - Virtual size: 38KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 7KB - Virtual size: 75KB

.reloc
Size: 5KB - Virtual size: 4KB