ab21f6cad1401d1d5c4ad63dd9a73733_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ab21f6cad1401d1d5c4ad63dd9a73733_JaffaCakes118
Size

1.4MB
MD5

ab21f6cad1401d1d5c4ad63dd9a73733
SHA1

02d0905a4db7d5c20906be18541d3cc7b7bcfc81
SHA256

7c8b99d25940c7dd809276f960e5209a5bbafee5e994c8cd12df8fdb5d3e4cda
SHA512

3f5a14e82864a6637899010d8017cf170f738487dd6e755dd1a3a2e73cad7e4f11ee613c2d388848baf4827b06f0fca8c474598c38b1703be2e2b79327865884
SSDEEP

24576:UrqpdZwM+cLXKZfI6YaZ36JK8g4gitSUyP8G7+WllPPAAnkDv2+8RM9QuIGRe17:YYZ7+cd6YaZ3SSkDv2+8RM9QuIGR9xG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ab21f6cad1401d1d5c4ad63dd9a73733_JaffaCakes118

Files

ab21f6cad1401d1d5c4ad63dd9a73733_JaffaCakes118
.exe windows:4 windows x86 arch:x86

d62838b25731d7f8d1a2dcbb018e2677

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

RtlUnwind
RaiseException
ExitProcess
GetProcAddress
TerminateProcess
GetCurrentProcess
GetCommandLineA
GetVersionExA
HeapAlloc
TlsAlloc
SetLastError
GetCurrentThreadId
TlsFree
TlsSetValue
TlsGetValue
HeapFree
SetUnhandledExceptionFilter
HeapReAlloc
HeapSize
DeleteCriticalSection
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
CloseHandle
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetCPInfo
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
GetACP
GetOEMCP
IsBadReadPtr
IsBadCodePtr
InterlockedExchange
VirtualQuery
SetFilePointer
VirtualProtect
GetSystemInfo
SetStdHandle
FlushFileBuffers
CreateFileA
LoadLibraryA
GetTimeZoneInformation
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
ReadFile
SetEndOfFile
GetLocaleInfoW
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetFileSize
LocalFree
SystemTimeToFileTime
GetSystemTime
GetFullPathNameW
GetFullPathNameA
GetCurrentDirectoryW
GetCurrentDirectoryA
GetFileAttributesW
SetFileAttributesW
CompareFileTime
GetLocalTime
GetFileAttributesA
FormatMessageA
GetTempPathA
SetFileAttributesA
GetComputerNameA
CreateFileW
FreeLibrary
LocalAlloc
WinExec
GetLastError
GetTickCount
CreateThread
Sleep
MoveFileExA
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
GetModuleHandleA
WriteFile
GetModuleFileNameA

advapi32

RegCreateKeyExA
CryptDestroyKey
CryptReleaseContext
RegQueryValueExA
RegSetValueExA
RegCloseKey
GetUserNameA
RegOpenKeyExA
SetServiceStatus
CloseServiceHandle
ChangeServiceConfig2A
OpenServiceA
OpenSCManagerA
CreateServiceA
RegisterServiceCtrlHandlerA
StartServiceCtrlDispatcherA
CryptAcquireContextA
CryptEnumProvidersA
CryptGenRandom
CryptImportKey
CryptExportKey
CryptGetUserKey
CryptGetProvParam

urlmon

URLDownloadToFileA

ws2_32

ntohs
WSAStartup
shutdown
gethostbyname
select
connect
ioctlsocket
htons
inet_addr
closesocket
socket
recv
send
setsockopt
WSAGetLastError
inet_ntoa
getsockname
bind
gethostname

crypt32

CertFindCertificateInStore
CertVerifyCertificateChainPolicy
CryptDecodeObject
CertFreeCertificateChain
CertFreeCertificateChainEngine
CertGetCertificateChain
CertCreateCertificateChainEngine
CertGetCertificateContextProperty
CryptAcquireCertificatePrivateKey
CertDuplicateCertificateContext
CertSetCertificateContextProperty
CertFreeCertificateContext
CertNameToStrA
CertCloseStore
CertEnumCertificatesInStore
CertOpenStore
CertAddCertificateContextToStore
CertSaveStore
CertGetSubjectCertificateFromStore
CryptSignMessage
CryptEncodeObject
CryptVerifyDetachedMessageSignature
CryptDecodeMessage
CryptDecryptMessage
CryptEncryptMessage
CryptVerifyMessageSignature

oleaut32

VariantTimeToSystemTime
SysFreeString
SystemTimeToVariantTime
SysAllocString
SysStringLen

Sections

.text
Size: 988KB - Virtual size: 986KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 360KB - Virtual size: 358KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 52KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d62838b25731d7f8d1a2dcbb018e2677

Headers

File Characteristics

Imports

kernel32

advapi32

urlmon

ws2_32

crypt32

oleaut32

Sections

.text Size: 988KB - Virtual size: 986KB

.rdata Size: 360KB - Virtual size: 358KB

.data Size: 52KB - Virtual size: 69KB

.text
Size: 988KB - Virtual size: 986KB

.rdata
Size: 360KB - Virtual size: 358KB

.data
Size: 52KB - Virtual size: 69KB