Static task: static1
Behavioral task: behavioral1
  Sample: b49b5338d024e56db94cf02d2a03161e_JaffaCakes118.exe
  Resource: win7-20240704-en
Behavioral task: behavioral2
  Sample: b49b5338d024e56db94cf02d2a03161e_JaffaCakes118.exe
  Resource: win10v2004-20240802-en
General
Target: b49b5338d024e56db94cf02d2a03161e_JaffaCakes118
Size: 113KB
MD5: b49b5338d024e56db94cf02d2a03161e
SHA1: b800bb1d30a308be29387ab538c36eeb73c6c3d0
SHA256: 071514665bfe8eee0d2865b9cc1ff76e5e3dc2bda44de97fad261d74e6930d42
SHA512: 8fa8136d2e312a0a131b648869d3be2df61a44a225beef575e365a3b0f2dd9fbd128518684d4bd23a7a6dfa11f2dfdd1d94d3e4287770a193cb2a399e56e730c
SSDEEP: 3072:YWvSI61mjWf9OMHXqqEbzeUkRO5579weJkeurBL:Yat6MjWf9OMszus55hwt/r5
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource b49b5338d024e56db94cf02d2a03161e_JaffaCakes118
Files
b49b5338d024e56db94cf02d2a03161e_JaffaCakes118.exe windows:5 windows x86 arch:x86
6c7beb523788c8d413ff484df79732f8
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
Thread32Next
ReadFile
GetTimeZoneInformation
CreateFileW
MultiByteToWideChar
FlushFileBuffers
GetTempPathW
GetFileSizeEx
OpenMutexW
GetLastError
SetLastError
GetProcAddress
VirtualProtectEx
VirtualAllocEx
FindClose
LoadLibraryA
RemoveDirectoryW
WaitForMultipleObjects
lstrcmpiW
FindNextFileW
VirtualProtect
CreateToolhelp32Snapshot
GetFileTime
ReleaseMutex
FileTimeToLocalFileTime
GetVolumeNameForVolumeMountPointW
DeleteFileW
GetFileInformationByHandle
LocalFree
WriteProcessMemory
ExpandEnvironmentStringsW
ExitProcess
SetEvent
lstrcmpiA
WTSGetActiveConsoleSessionId
GetCommandLineW
SetErrorMode
GetComputerNameW
GetVersionExW
GetModuleFileNameW
CreateEventW
OpenEventW
DuplicateHandle
GetCurrentProcessId
GlobalLock
GlobalUnlock
SetThreadPriority
MoveFileExW
GetUserDefaultUILanguage
GetNativeSystemInfo
GetPrivateProfileStringW
GetPrivateProfileIntW
CreateRemoteThread
Process32FirstW
Process32NextW
ResetEvent
SetThreadContext
InitializeCriticalSection
GetFileAttributesW
HeapCreate
HeapDestroy
ReadProcessMemory
Sleep
LoadLibraryW
WideCharToMultiByte
Thread32First
VirtualFreeEx
LeaveCriticalSection
OpenProcess
SetFileAttributesW
WriteFile
VirtualAlloc
EnterCriticalSection
GetProcessId
GetFileAttributesExW
CloseHandle
GetLocalTime
GetSystemTime
CreateThread
GetEnvironmentVariableW
FileTimeToDosDateTime
GetTempFileNameW
VirtualQueryEx
SetFileTime
IsBadReadPtr
GetProcessHeap
VirtualFree
GetCurrentThread
GetTickCount
GetModuleHandleW
WaitForSingleObject
CreateDirectoryW
HeapFree
SetFilePointerEx
SystemTimeToFileTime
HeapAlloc
CreateProcessW
FreeLibrary
SetEndOfFile
FindFirstFileW
CreateMutexW
HeapReAlloc
GetThreadContext
user32
ExitWindowsEx
DispatchMessageW
ToUnicode
GetClipboardData
GetKeyboardState
CharLowerBuffA
LoadImageW
MsgWaitForMultipleObjects
CharToOemW
GetCursorPos
GetIconInfo
DrawIcon
CharLowerW
CharUpperW
PeekMessageW
CharLowerA
TranslateMessage
advapi32
GetSidSubAuthorityCount
OpenProcessToken
GetSidSubAuthority
CryptAcquireContextW
OpenThreadToken
InitiateSystemShutdownExW
RegEnumKeyExW
ConvertSidToStringSidW
GetLengthSid
IsWellKnownSid
EqualSid
CryptHashData
RegSetValueExW
RegCloseKey
AdjustTokenPrivileges
CryptDestroyHash
SetSecurityDescriptorSacl
GetSecurityDescriptorSacl
RegOpenKeyExW
ConvertStringSecurityDescriptorToSecurityDescriptorW
CryptCreateHash
LookupPrivilegeValueW
SetNamedSecurityInfoW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
CreateProcessAsUserW
RegQueryValueExW
CryptReleaseContext
RegCreateKeyExW
GetTokenInformation
CryptGetHashParam
shlwapi
PathAddBackslashW
SHDeleteValueW
PathSkipRootW
SHDeleteKeyW
PathCombineW
PathAddExtensionW
PathUnquoteSpacesW
PathRemoveBackslashW
PathRemoveFileSpecW
StrCmpNIA
wvnsprintfA
StrCmpNIW
PathRenameExtensionW
PathFindFileNameW
StrStrIA
StrStrIW
PathIsURLW
PathQuoteSpacesW
PathIsDirectoryW
wvnsprintfW
UrlUnescapeA
PathMatchSpecW
shell32
CommandLineToArgvW
ShellExecuteW
SHGetFolderPathW
secur32
GetUserNameExW
ole32
StringFromGUID2
CLSIDFromString
CoUninitialize
CoCreateInstance
CoInitializeEx
ws2_32
socket
bind
recv
setsockopt
shutdown
select
getsockname
WSAGetLastError
recvfrom
sendto
WSAEventSelect
getpeername
WSASend
WSAIoctl
connect
WSAAddressToStringW
WSAStartup
getaddrinfo
WSASetLastError
closesocket
send
listen
accept
freeaddrinfo
crypt32
CertCloseStore
CryptUnprotectData
PFXImportCertStore
CertDeleteCertificateFromStore
CertOpenSystemStoreW
CertEnumCertificatesInStore
CertDuplicateCertificateContext
PFXExportCertStoreEx
wininet
InternetOpenA
HttpAddRequestHeadersW
InternetSetStatusCallbackW
GetUrlCacheEntryInfoW
HttpSendRequestW
InternetReadFileExA
InternetQueryDataAvailable
HttpSendRequestExW
HttpSendRequestExA
InternetQueryOptionA
InternetSetOptionA
InternetReadFile
InternetQueryOptionW
InternetCloseHandle
HttpSendRequestA
HttpAddRequestHeadersA
HttpOpenRequestA
InternetCrackUrlA
InternetConnectA
HttpQueryInfoA
oleaut32
VariantInit
VariantClear
SysFreeString
SysAllocString
netapi32
NetUserEnum
NetApiBufferFree
NetUserGetInfo
Sections
.text Size: 106KB - Virtual size: 105KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ