abc3d498f04e60fed3f2aad400323b93_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

abc3d498f04e60fed3f2aad400323b93_JaffaCakes118
Size

68KB
MD5

abc3d498f04e60fed3f2aad400323b93
SHA1

746feaac82dc244b9ce6897c102f6d6103720b74
SHA256

eeaaaf40034c4d2f5da7b5d91b962049bd6c360315c7db256c4031df9a08d5d0
SHA512

f690c69f9aae12917a8d2daba9c50640be75faee29005ea0d900201239aafbe6581f088349ee04233ba180d35d2575fe1629ec76959df4627f0d09745bee4c1a
SSDEEP

1536:cSyGiwarHWXlt5psUjpONcsKBHpm+jzGqFf96h+j:cSyPH8t5pMZKJp3zpV6h

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
abc3d498f04e60fed3f2aad400323b93_JaffaCakes118

Files

abc3d498f04e60fed3f2aad400323b93_JaffaCakes118
.exe windows:5 windows x86 arch:x86

5b0ed0d14512bc6acc437bfaf2b10948

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

x:\svr\madonna\build\Release\bin\i386\Execode_GL.pdb

Imports

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegCloseKey
RegDeleteKeyA
RegQueryValueExA
RegOpenKeyA
RegEnumKeyA
RegSetValueExA
RegCreateKeyA
RevertToSelf
SetThreadToken
DuplicateTokenEx
ImpersonateSelf
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
RegFlushKey
RegCreateKeyExA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegOpenKeyExA
RegEnumValueA
RegDeleteValueA
CryptDestroyHash
RegQueryValueExW
RegLoadKeyA
RegUnLoadKeyA
CryptHashData
CryptCreateHash
CryptReleaseContext
CryptAcquireContextA
CryptGetHashParam

kernel32

ExpandEnvironmentStringsA
GetSystemDirectoryA
Sleep
CreateThread
GetSystemTime
ExitThread
GetCurrentThreadId
GetTickCount
TerminateThread
lstrcmpiA
GetLastError
DeviceIoControl
Process32Next
Process32First
CreateToolhelp32Snapshot
OpenProcess
GetDiskFreeSpaceExA
GetDriveTypeA
GetLogicalDrives
GetExitCodeThread
WaitForSingleObject
GetModuleFileNameA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
CreateMutexA
EnterCriticalSection
CreateProcessA
SetFilePointer
SetFileAttributesA
CreateDirectoryA
CreateEventA
InitializeCriticalSection
ResetEvent
SetEvent
FreeLibrary
GetProcAddress
LoadLibraryA
GetDateFormatA
GetTimeFormatA
lstrlenA
OutputDebugStringA
ReleaseMutex
WriteConsoleA
GetStdHandle
FlushFileBuffers
SetUnhandledExceptionFilter
lstrcpynW
LocalAlloc
LocalReAlloc
GetFileAttributesA
GetPrivateProfileSectionNamesW
GetPrivateProfileStringW
TerminateProcess
GetLocalTime
VirtualQuery
GetFileSize
ReadFile
CreateFileA
DeleteFileA
GetPrivateProfileIntW
LocalFree
GetPrivateProfileIntA
GetPrivateProfileStringA
FindFirstFileA
FindNextFileA
FindClose
lstrcmpW
lstrcpyW
lstrcmpiW
lstrcpynA
lstrcpyA
lstrcmpA
lstrlenW
lstrcatW
lstrcatA
WideCharToMultiByte
MultiByteToWideChar
GetVolumeInformationA
GetSystemTimeAsFileTime
HeapReAlloc
HeapFree
GetProcessHeap
WriteFile
GetCurrentProcess
CloseHandle
GetVersion
LeaveCriticalSection
HeapAlloc

ntdll

strcat
strcpy
isalpha
_fltused
strcspn
memset
strlen
_vsnprintf
strcmp
_chkstk
strstr
atoi
memcpy
wcsncpy
_snprintf
isgraph

wininet

InternetOpenUrlA
InternetCloseHandle
InternetReadFile
InternetOpenA
FtpPutFileA
InternetConnectA
FindCloseUrlCache
FindNextUrlCacheEntryA
FindFirstUrlCacheEntryA

ws2_32

ntohs
recvfrom
WSAGetLastError
bind
listen
accept
select
__WSAFDIsSet
WSAStartup
setsockopt
getsockname
ioctlsocket
sendto
send
socket
connect
closesocket
htons
inet_addr
gethostbyname
inet_ntoa
recv

user32

wsprintfA
wsprintfW

ole32

CoTaskMemFree

imagehlp

SymCleanup
StackWalk
SymInitialize
SymGetSymFromAddr
SymGetModuleBase
SymFunctionTableAccess

iphlpapi

GetAdaptersInfo

Sections

.text
Size: 65KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

5b0ed0d14512bc6acc437bfaf2b10948

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

ntdll

wininet

ws2_32

user32

ole32

imagehlp

iphlpapi

Sections

.text Size: 65KB - Virtual size: 65KB

.data Size: 2KB - Virtual size: 87KB

.text
Size: 65KB - Virtual size: 65KB

.data
Size: 2KB - Virtual size: 87KB