abdf124ec22d1b03e8394f70fcca5fab_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

abdf124ec22d1b03e8394f70fcca5fab_JaffaCakes118
Size

111KB
MD5

abdf124ec22d1b03e8394f70fcca5fab
SHA1

015b5c6086ebdde0dc931fe61d9e5829c6cb8614
SHA256

33628ed8ffcaf8b9eb2bfaddb9766f309a174b60a1bb51c7853cadf931132ccb
SHA512

c64b6434236a9a2734ef9ce8227e1883b10b2916d8fecb1251dbcf317ddc18841f71ca422de9b0ea224c85368360ace230dc68b2a5fc1d857c5a43670861d645
SSDEEP

1536:GhBHyZEo1ZduNt/lqAuDhhgP/xePRwkFwsXEwOwHO2MbbhOHKAdXWR82jQU3ziiQ:Ghpy+ht6Vh8eZB6PwwoYRNiaDho

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
abdf124ec22d1b03e8394f70fcca5fab_JaffaCakes118

Files

abdf124ec22d1b03e8394f70fcca5fab_JaffaCakes118
.exe windows:5 windows x86 arch:x86

5fb1617904a252209f69cedb7eedd2ae

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

wcscpy
sprintf
_snprintf
wcslen
wcsstr
??3@YAXPAX@Z
printf
strlen
memcpy
memset
wcscat
strncpy

ntdll

NtQuerySystemInformation
ZwTerminateProcess
NtQueryInformationThread
NtWaitForSingleObject
NtDeviceIoControlFile
NtQueryObject

kernel32

IsBadCodePtr
LoadLibraryA
MultiByteToWideChar
CreateFileW
lstrcpyA
GetModuleHandleA
IsBadReadPtr
CreateRemoteThread
WriteProcessMemory
VirtualAllocEx
CloseHandle
WriteFile
CreateFileA
HeapReAlloc
HeapAlloc
HeapCreate
WinExec
Sleep
ExitThread
GetProcessHeap
HeapFree
lstrcatA
GetModuleFileNameA
GetSystemDirectoryA
GetVersionExA
CreateThread
GetTickCount
GetSystemInfo
TerminateThread
ExitProcess
VirtualFree
VirtualAlloc
SetUnhandledExceptionFilter
GlobalFree
CreateMutexA
SetErrorMode
DeleteFileA
OutputDebugStringA
TerminateProcess
GetLastError
CreateProcessA
GetEnvironmentVariableA
ReleaseMutex
lstrcmpW
DuplicateHandle
OpenProcess
GetCurrentProcessId
lstrlenA

user32

wsprintfW
wvsprintfA
wsprintfA

advapi32

RegCreateKeyExA
OpenSCManagerA
CreateServiceA
OpenServiceA
StartServiceA
CloseServiceHandle
GetUserNameA
RegEnumKeyExA
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegCloseKey

ws2_32

getsockname
htons
inet_addr
WSAStartup
bind
listen
accept
__WSAFDIsSet
select
closesocket
send
connect
socket
recv
gethostbyname

wininet

InternetReadFile
InternetOpenA
HttpSendRequestExA
InternetCrackUrlA
InternetOpenUrlA
InternetGetConnectedState
HttpEndRequestA
InternetConnectA
HttpOpenRequestA
InternetCloseHandle

iphlpapi

SendARP
GetAdaptersInfo
GetTcpTable
SetTcpEntry
GetNetworkParams
GetBestInterface

dbghelp

SymGetModuleBase
SymGetModuleInfo
SymGetSymFromAddr
SymInitialize
SymSetOptions

Sections

.data
Size: 110KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

5fb1617904a252209f69cedb7eedd2ae

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

ntdll

kernel32

user32

advapi32

ws2_32

wininet

iphlpapi

dbghelp

Sections

.data Size: 110KB - Virtual size: 110KB

.data
Size: 110KB - Virtual size: 110KB