Static task: static1
Behavioral task: behavioral1
Sample: abe0bc2d33ef873e95d3954e154fe517_JaffaCakes118.exe
Resource: win7-20240708-en
Behavioral task: behavioral2
Sample: abe0bc2d33ef873e95d3954e154fe517_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
Target: abe0bc2d33ef873e95d3954e154fe517_JaffaCakes118
Size: 104KB
MD5: abe0bc2d33ef873e95d3954e154fe517
SHA1: 962a8602c7da0205797bb7ba99455a6817112f4a
SHA256: 6855329ae3bf21954d0963677587d3069d8d7bdf9c2672ac31ecdc307bf9d128
SHA512: 4a084fac7d8f99ef06c5bd6ec1bcaa737e8ed549197881dbe84689e69b8f0a3e9c74df166dcaa28b0147f02c6df893ca6ddb1d76432fb03c524a91209144f2e9
SSDEEP: 1536:6ssd3vz/u0pn7MNkfU/BIAjD5uS38PsppMXRhPrZNiI/LxtmuJZOI:6/UBNkgBtBuAHMXRhPviI/FRv7
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource abe0bc2d33ef873e95d3954e154fe517_JaffaCakes118
Files
abe0bc2d33ef873e95d3954e154fe517_JaffaCakes118.exe windows:4 windows x86 arch:x86
dc5b43673c134deeb1bcc05228423f0f
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
FindFirstFileA
GetFileSize
Sleep
FreeLibrary
TerminateThread
GetCurrentDirectoryA
SetFilePointer
GetModuleFileNameA
GetTickCount
GetTempPathA
ExitProcess
VirtualQuery
VirtualProtect
ExitThread
Process32Next
Module32First
Process32First
CreateToolhelp32Snapshot
Module32Next
lstrcmpiA
TerminateProcess
FindClose
CreateDirectoryA
GetLogicalDriveStringsA
FindNextFileA
lstrcatA
lstrcpyA
FileTimeToSystemTime
DeleteFileA
GetLastError
LoadLibraryA
GetVersionExA
GetLocaleInfoA
GlobalMemoryStatus
GlobalLock
GlobalUnlock
GlobalAlloc
CreateMutexA
GetComputerNameA
CreateFileA
GetCurrentProcessId
IsBadReadPtr
GetStartupInfoA
ReleaseSemaphore
CreateSemaphoreA
WaitForSingleObject
LocalFree
GetModuleHandleA
GetProcAddress
GetFileInformationByHandle
GetProcessHeap
HeapAlloc
HeapFree
OpenProcess
CloseHandle
user32
mouse_event
SetCursorPos
GetDC
GetActiveWindow
GetWindowTextA
IsWindowVisible
wsprintfA
BringWindowToTop
ShowWindow
GetClipboardData
OpenClipboard
FindWindowA
CloseClipboard
EmptyClipboard
MessageBoxA
EnumWindows
SetClipboardData
SendMessageA
gdi32
GetDeviceCaps
advapi32
RegOpenKeyA
SetSecurityInfo
SetEntriesInAclA
GetUserNameA
GetSecurityInfo
RegEnumKeyExA
RegEnumValueA
shell32
ShellExecuteExA
SHFileOperationA
ws2_32
inet_ntoa
getsockname
inet_addr
WSACleanup
select
shutdown
gethostname
__WSAFDIsSet
WSAStartup
socket
htons
bind
listen
gethostbyname
closesocket
accept
msvcrt
malloc
rand
sprintf
free
strlen
memset
strcmp
__CxxFrameHandler
_strcmpi
strcpy
strstr
??3@YAXPAX@Z
_stricmp
??2@YAPAXI@Z
strtok
srand
strncpy
atoi
strcat
memcpy
avicap32
capGetDriverDescriptionA
wininet
FtpPutFileA
InternetCheckConnectionA
Sections
Size: 72KB - Virtual size: 71KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Size: 16KB - Virtual size: 655KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Size: 63B - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Size: 4KB - Virtual size: 8KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.nah Size: 228B - Virtual size: 512B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE