ad85769ed1c2ebc9e64f8bdf1820e164_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ad85769ed1c2ebc9e64f8bdf1820e164_JaffaCakes118
Size

896KB
MD5

ad85769ed1c2ebc9e64f8bdf1820e164
SHA1

a417936a901912d0fb6da87f0bceb8ed50f170b1
SHA256

be6871838a0feb9639be7f20ee3c82a25981244d216d2ffd649ebec3d5fc328e
SHA512

a7a472d3f1c1c501184cd979d6af15fbced2b1f644d80d9b3d97d8bff8897c4f855e465aad5a0f599a533fa02d4f8efb5c41ee781e41f4a51c200c15e8d882a8
SSDEEP

12288:3fEJXSzIa9dS3D7cy70cwl9V8jMp3KDMqC4jnv9S1hYZilFtgjKVXcPO+qH7wd:3fEFcc3D7cyIqGsCaVIbtKnMkd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ad85769ed1c2ebc9e64f8bdf1820e164_JaffaCakes118

Files

ad85769ed1c2ebc9e64f8bdf1820e164_JaffaCakes118
.exe windows:4 windows x86 arch:x86

280db57658beef500ce5ec0fac8dca6a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GetStartupInfoA
LocalAlloc
VirtualAlloc
VirtualFree
VirtualAlloc
VirtualAlloc
VirtualFree
VirtualFree
VirtualAlloc
VirtualFree
InitializeCriticalSection
LocalAlloc
LocalFree
VirtualFree
LocalFree
GetModuleFileNameA
GetCommandLineA
ReadFile
WriteFile
CloseHandle
CreateFileA
GetFileSize
SetFilePointer
ReadFile
SetFilePointer
SetEndOfFile
GetStdHandle
GetFileType
CloseHandle
RaiseException
RaiseException
UnhandledExceptionFilter
UnhandledExceptionFilter
RaiseException
RaiseException
RaiseException
RaiseException
UnhandledExceptionFilter
RaiseException
RaiseException
RaiseException
RaiseException
RaiseException
GetStdHandle
WriteFile
GetStdHandle
WriteFile
FreeLibrary
ExitProcess
RaiseException
GetLocaleInfoA
GetCommandLineA
GetVersion
GetVersion
GetThreadLocale
GetThreadLocale
GetCurrentThreadId
LocalAlloc
TlsSetValue
TlsGetValue
TlsGetValue
GetModuleHandleA
CreateFileA
CloseHandle
CreateFileA
ReadFile
WriteFile
SetFilePointer
RaiseException
Sleep
GetDriveTypeA
RaiseException
CopyFileA
WinExec
CreateThread
RaiseException
SetFileAttributesA
GetSystemDirectoryA
FindFirstFileA
FindClose
FileTimeToLocalFileTime
FileTimeToDosDateTime
DeleteFileA
VirtualAlloc
LoadLibraryA
GetProcAddress
FreeLibrary
CreateProcessA
GetThreadContext
ReadProcessMemory
VirtualQueryEx
VirtualProtectEx
WriteProcessMemory
WriteProcessMemory
SetThreadContext
ResumeThread
CloseHandle
TerminateProcess
CloseHandle
CloseHandle
TerminateProcess
CloseHandle
CloseHandle
LoadLibraryA
VirtualFree
GetModuleHandleA
GetProcAddress
FreeLibrary
GetVersionExA
GetModuleHandleA
LoadLibraryA
GetProcAddress
GetProcAddress
GetProcAddress
GetProcAddress
RaiseException
CreateProcessA
CloseHandle
CloseHandle
GetSystemTime
WinExec
Sleep
WinExec
CopyFileA
SetFileAttributesA
RaiseException
RaiseException
Sleep
RaiseException
WinExec
RaiseException
GetSystemTime
WinExec
Sleep
WinExec
VirtualAllocEx
CopyFileA
RaiseException
RaiseException
VirtualAllocEx
RaiseException
RtlUnwind
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
VirtualFree
VirtualAlloc
LocalFree
LocalAlloc
GetVersion
GetCurrentThreadId
GetThreadLocale
GetStartupInfoA
GetModuleFileNameA
GetLocaleInfoA
GetLastError
GetCommandLineA
FreeLibrary
ExitProcess
WriteFile
UnhandledExceptionFilter
SetFilePointer
SetEndOfFile
RtlUnwind
ReadFile
RaiseException
GetStdHandle
GetFileSize
GetFileType
CreateFileA
CloseHandle
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleA
WriteProcessMemory
WriteFile
WinExec
VirtualQueryEx
VirtualProtectEx
VirtualFree
VirtualAlloc
TerminateProcess
Sleep
SetThreadContext
SetFilePointer
SetFileAttributesA
ResumeThread
ReadProcessMemory
ReadFile
LoadLibraryA
GetVersionExA
GetThreadContext
GetSystemTime
GetSystemDirectoryA
GetProcAddress
GetModuleHandleA
GetLastError
GetDriveTypeA
FreeLibrary
FindFirstFileA
FindClose
FileTimeToLocalFileTime
FileTimeToDosDateTime
DeleteFileA
CreateThread
CreateProcessA
CreateFileA
CopyFileA
CloseHandle
LoadLibraryA
GetProcAddress
LoadLibraryA
GetProcAddress
LoadLibraryA
GetProcAddress
LoadLibraryA
GetProcAddress
LoadLibraryA
GetProcAddress
LoadLibraryA
GetProcAddress
LoadLibraryA
GetProcAddress
LoadLibraryA
GetProcAddress
LoadLibraryA
GetProcAddress
LoadLibraryA
GetProcAddress
LoadLibraryA
GetProcAddress

ntdll

RtlEnterCriticalSection
RtlLeaveCriticalSection
RtlEnterCriticalSection
RtlLeaveCriticalSection
RtlDeleteCriticalSection
RtlEnterCriticalSection
RtlLeaveCriticalSection
RtlEnterCriticalSection
RtlLeaveCriticalSection
RtlEnterCriticalSection
RtlLeaveCriticalSection
RtlGetLastWin32Error
RtlGetLastWin32Error
RtlGetLastWin32Error
RtlGetLastWin32Error
RtlGetLastWin32Error

urlmon

GetClassURL
URLDownloadToFileA
GetSoftwareUpdateInfo
GetSoftwareUpdateInfo
GetSoftwareUpdateInfo
GetSoftwareUpdateInfo
GetSoftwareUpdateInfo
GetSoftwareUpdateInfo
GetSoftwareUpdateInfo
GetSoftwareUpdateInfo
GetSoftwareUpdateInfo
GetSoftwareUpdateInfo
URLDownloadToFileA

user32

CharNextA
CharNextA
CharNextA
CharNextA
CharNextA
CharNextA
CharNextA
CharNextA
CharNextA
GetKeyboardType
GetKeyboardType
MessageBoxA
CreateWindowExA
FindWindowA
FindWindowA
SetForegroundWindow
SetActiveWindow
FindWindowExA
GetWindowRect
SetCursorPos
SendMessageA
SendMessageA
SendMessageA
SendMessageA
FindWindowExA
GetWindowRect
SetCursorPos
SendMessageA
SendMessageA
SendMessageA
SendMessageA
FindWindowA
FindWindowExA
GetWindowRect
SetCursorPos
SendMessageA
SendMessageA
SendMessageA
SendMessageA
SetTimer
KillTimer
DefWindowProcA
RegisterClassA
TranslateMessage
DispatchMessageA
GetMessageA
GetKeyboardType
MessageBoxA
CharNextA
CreateWindowExA
TranslateMessage
SetTimer
SetForegroundWindow
SetCursorPos
SetActiveWindow
SendMessageA
RegisterClassA
KillTimer
GetWindowRect
GetMessageA
FindWindowExA
FindWindowA
DispatchMessageA
DefWindowProcA

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey
OpenSCManagerA
CreateServiceA
OpenSCManagerA
OpenServiceA
DeleteService
CloseServiceHandle
CloseServiceHandle
RegOpenKeyExA
RegSetValueExA
RegCloseKey
QueryServiceConfig2A
ChangeServiceConfig2A
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
RegSetValueExA
RegOpenKeyExA
RegCloseKey
OpenServiceA
OpenSCManagerA
DeleteService
CreateServiceA
CloseServiceHandle

oleaut32

SysFreeString
SysFreeString
SysReAllocStringLen
SysFreeString
SysReAllocStringLen

gdi32

GetStockObject
GetStockObject

comctl32

ord384

Sections

.text
Size: 772KB - Virtual size: 772KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

0
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 528B - Virtual size: 528B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.newIID
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.mackt
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

280db57658beef500ce5ec0fac8dca6a

Headers

File Characteristics

Imports

kernel32

ntdll

urlmon

user32

advapi32

oleaut32

gdi32

comctl32

Sections

.text Size: 772KB - Virtual size: 772KB

.data Size: 47KB - Virtual size: 47KB

.rsrc Size: 32KB - Virtual size: 32KB

0 Size: 4KB - Virtual size: 4KB

.reloc Size: 528B - Virtual size: 528B

.newIID Size: 3KB - Virtual size: 4KB

.mackt Size: 20KB - Virtual size: 20KB

.text
Size: 772KB - Virtual size: 772KB

.data
Size: 47KB - Virtual size: 47KB

.rsrc
Size: 32KB - Virtual size: 32KB

0
Size: 4KB - Virtual size: 4KB

.reloc
Size: 528B - Virtual size: 528B

.newIID
Size: 3KB - Virtual size: 4KB

.mackt
Size: 20KB - Virtual size: 20KB