b2891b48ad0e622a4d48c281dfcd5c47_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b2891b48ad0e622a4d48c281dfcd5c47_JaffaCakes118
Size

128KB
MD5

b2891b48ad0e622a4d48c281dfcd5c47
SHA1

46aac112a56ece0f09a33b155c447bd9ba5bbdd9
SHA256

fbbf929699cb1c68b2929a8457c82754de8046b328d5591946426c2b5eafdbf6
SHA512

33fce2094a0c75074b5ee19caaf7f9148181e8d3e6153a81980ee14b0939aa8d8e4bc6139274e7542e5ec0e30e938c94ed9e14f68e9aa56f619fd3c423ba969e
SSDEEP

1536:hvZioVHgVsVfUTS+CDuPYTkAtqgMv3fBXUHPYxfseduq/vxSgwVEL8k:TgKUO9uPY4Atq73BKP4kedugkgIEL8k

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b2891b48ad0e622a4d48c281dfcd5c47_JaffaCakes118

Files

b2891b48ad0e622a4d48c281dfcd5c47_JaffaCakes118
.exe windows:4 windows x86 arch:x86

0e340e0b18c47477853de8f517b816f5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LockResource
LoadResource
SizeofResource
FindResourceA
GetModuleHandleA
GetFileSize
FindClose
FindNextFileA
FindFirstFileA
GetComputerNameA
GetVersionExA
GetDiskFreeSpaceExA
GlobalMemoryStatus
CreateRemoteThread
GetProcAddress
OpenProcess
WriteProcessMemory
VirtualAllocEx
Process32Next
Process32First
CreateToolhelp32Snapshot
lstrcmpiA
CreateThread
QueryPerformanceFrequency
QueryPerformanceCounter
LoadLibraryA
VirtualProtectEx
WriteFile
IsBadReadPtr
LoadLibraryExA
TerminateProcess
CreateProcessA
TerminateThread
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
ReadProcessMemory
GetWindowsDirectoryA
WideCharToMultiByte
MultiByteToWideChar
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetDriveTypeA
GetLogicalDriveStringsA
ReadFile
GlobalUnlock
GlobalLock
GlobalAlloc
InterlockedDecrement
LocalFree
CreateFileA
CloseHandle
DeleteFileA
GetCurrentProcessId
CreateMutexA
GetLastError
SetErrorMode
GetSystemTime
ExitProcess
GetLocaleInfoA
GetCurrentProcess
CopyFileA
SetProcessWorkingSetSize
GetTickCount
Sleep
GetShortPathNameA
GetEnvironmentVariableA
GetModuleFileNameA
GetSystemDirectoryA
GetTempPathA
SetFileAttributesA
FreeLibrary

user32

GetKeyNameTextA
GetWindowTextA
GetActiveWindow
GetKeyboardState
SetKeyboardState
GetMessageA
SetWindowsHookExA
DispatchMessageA
GetKeyboardLayout
BlockInput
SetFocus
ShowWindow
keybd_event
UnhookWindowsHookEx
CallNextHookEx
ToAsciiEx
VkKeyScanA
EmptyClipboard
SetClipboardData
OpenClipboard
GetClipboardData
CloseClipboard
SetForegroundWindow

advapi32

RegQueryValueExA
RegisterServiceCtrlHandlerA
GetUserNameA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegCloseKey
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegOpenKeyExA
RegSetValueExA
CloseServiceHandle
StartServiceA
OpenServiceA
CreateServiceA
OpenSCManagerA
DeleteService
ControlService
RegEnumValueA
SetServiceStatus

mpr

WNetCancelConnection2A
WNetAddConnection2A

msvcrt

_CxxThrowException
wcslen
_stricmp
fgets
sprintf
sscanf
malloc
??3@YAXPAX@Z
??2@YAPAXI@Z
fseek
__dllonexit
fopen
fwrite
fclose
__CxxFrameHandler
strtok
atol
atoi
system
srand
rand
strncpy
_onexit
fread
??1type_info@@UAE@XZ
strstr
strncat
_snprintf
_vsnprintf
toupper
islower

netapi32

NetApiBufferFree
NetUserEnum
NetScheduleJobAdd
NetRemoteTOD
NetShareDel

psapi

EnumProcesses
EnumProcessModules
GetModuleBaseNameA

shell32

ShellExecuteA

wininet

InternetGetConnectedStateEx
FtpPutFileA
InternetOpenA
InternetConnectA
FtpGetFileA
InternetCloseHandle
InternetOpenUrlA

ws2_32

gethostbyaddr
getsockname
__WSAFDIsSet
select
sendto
WSASocketA
getpeername
ioctlsocket
gethostname
WSACleanup
bind
listen
inet_ntoa
inet_addr
accept
gethostbyname
htons
socket
connect
shutdown
closesocket
recv
WSACloseEvent
send
htonl
WSAStartup

ntdll

NtQuerySystemInformation
ZwSystemDebugControl

ole32

CoUninitialize
CoInitialize
CoCreateInstance

oleaut32

VariantClear
SysAllocString
SysFreeString
VariantInit
GetErrorInfo

Sections

.data
Size: 115KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0e340e0b18c47477853de8f517b816f5

Headers

File Characteristics

Imports

kernel32

user32

advapi32

mpr

msvcrt

netapi32

psapi

shell32

wininet

ws2_32

ntdll

ole32

oleaut32

Sections

.data Size: 115KB - Virtual size: 114KB

.CRT Size: 512B - Virtual size: 4B

.rsrc Size: 11KB - Virtual size: 11KB

.data
Size: 115KB - Virtual size: 114KB

.CRT
Size: 512B - Virtual size: 4B

.rsrc
Size: 11KB - Virtual size: 11KB