b2fa61d0cfbbdec3e55a8628120c8408_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b2fa61d0cfbbdec3e55a8628120c8408_JaffaCakes118
Size

61KB
MD5

b2fa61d0cfbbdec3e55a8628120c8408
SHA1

d50658e077c3adbf7513f7547df641888e16aacc
SHA256

6131e60aa6f9dc1afabbf0a9d8034cee1566bd9e1084d9c941bb6c3c8bb9079f
SHA512

731b6ac196b5a1dfe24ffbf0546e647d16ecb46a14b8888e9f01d57041da968b4df5df4b666bf75f243ac6860b57e9894d567df241f85e8fcd70bc9d8646bc46
SSDEEP

1536:DN9AQU2qrDDH+te3a17t5bzhd9fmUm5liaiIPNLaFKG3:XAQxq/6XfhTf6viIUT3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b2fa61d0cfbbdec3e55a8628120c8408_JaffaCakes118

Files

b2fa61d0cfbbdec3e55a8628120c8408_JaffaCakes118
.exe windows:4 windows x86 arch:x86

8f6a3c2ad8aacc908a47542dfa3c0258

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetErrorMode
Sleep
GetCurrentProcessId
GetCommandLineA
GetTickCount
CloseHandle
WriteFile
CreateFileA
IsBadReadPtr
WaitForSingleObject
SetLastError
GetProcAddress
LoadLibraryA
GetModuleHandleA
CreateThread
TerminateThread
CreateMutexA
lstrlenA
lstrcpyA
GlobalUnlock
GlobalLock
GlobalAlloc
ExitThread
InterlockedDecrement
GetLastError
ReleaseMutex
GetLocaleInfoA
GetComputerNameA
CreateProcessA
ExitProcess
GetVersionExA
GlobalMemoryStatus
SetFileTime
GetFileTime
GetModuleFileNameA
GetSystemDirectoryA
GetWindowsDirectoryA
CreateDirectoryA
SetFileAttributesA
DeleteFileA
CopyFileA
GetExitCodeThread
GetStartupInfoA
GetFileAttributesA
WideCharToMultiByte
LocalFree

msvcp60

?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHIIPBDI@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?_Freeze@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHABV12@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z

msvcrt

memcpy
_vsnprintf
atoi
sprintf
fgets
fopen
strcmp
free
__dllonexit
strchr
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
_CxxThrowException
wcslen
??2@YAPAXI@Z
_EH_prolog
__CxxFrameHandler
srand
rand
strncpy
memset
strstr
_snprintf
strcat
strlen
malloc
strcpy
_onexit
??1type_info@@UAE@XZ

ws2_32

send
gethostbyaddr
inet_ntoa
gethostbyname
connect
htons
socket
recv
closesocket
WSACleanup
WSAStartup
inet_addr

user32

PostMessageA
FindWindowExA
keybd_event
FindWindowA
GetWindowTextA
SetForegroundWindow
SetFocus
ShowWindow
VkKeyScanA
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
CharUpperBuffA
SetCursorPos
CharLowerBuffA
ClipCursor

ole32

CoUninitialize
CoCreateInstance
CoInitialize

oleaut32

SysFreeString
VariantInit
VariantClear
SysAllocString

advapi32

GetUserNameA
RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

shell32

SHGetPathFromIDListA
ShellExecuteA
SHGetSpecialFolderLocation

wininet

InternetGetLastResponseInfoA
DeleteUrlCacheEntry
InternetOpenA
InternetOpenUrlA
InternetReadFile
InternetCloseHandle

Sections

.text
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 226KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

8f6a3c2ad8aacc908a47542dfa3c0258

Headers

File Characteristics

Imports

kernel32

msvcp60

msvcrt

ws2_32

user32

ole32

oleaut32

advapi32

shell32

wininet

Sections

.text Size: 32KB - Virtual size: 32KB

.rdata Size: 7KB - Virtual size: 7KB

.data Size: 20KB - Virtual size: 226KB

.text
Size: 32KB - Virtual size: 32KB

.rdata
Size: 7KB - Virtual size: 7KB

.data
Size: 20KB - Virtual size: 226KB