logagent.pdb
Static task: static1
Behavioral task: behavioral1
Sample: b9881f3af4b0359c6e923e8c3b75e220_JaffaCakes118.exe
Resource: win7-20240704-en
General
- Target: b9881f3af4b0359c6e923e8c3b75e220_JaffaCakes118
- Size: 128KB
- MD5: b9881f3af4b0359c6e923e8c3b75e220
- SHA1: ad87110353c08895b7384737788e48fd1b375f69
- SHA256: 37c5e5107ffc14851a35c02f7edaf3b5666ea4dad89096e087b8450f12e5ff1a
- SHA512: a8571ec7a840a3ad9bf775408023bd5e5456987e796102277648c6a29907803ff73f152b1d5f6652066dd5fa5527cffe73e0ff960080b400b4fe79e7b730f450
- SSDEEP: 3072:ogLt9ezTnIz3TBm77+4hQ4uqAvOiraSMTNSImc4d2ni7TBENbC8g:oe9ezrIz3TBm7Di7FvzrFMTNStcDm
Malware Config
Signatures
- Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource b9881f3af4b0359c6e923e8c3b75e220_JaffaCakes118
Files
- b9881f3af4b0359c6e923e8c3b75e220_JaffaCakes118.exe windows:5 windows x86 arch:x86
  3ea60282805b088ce948487ba2a9ccfc
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
msvcrt
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
exit
_cexit
strncpy
strtoul
sprintf
rand
_snwprintf
_snprintf
_beginthreadex
_ultoa
_XcptFilter
_exit
_c_exit
calloc
wcsrchr
_except_handler3
__set_app_type
sscanf
_stricmp
realloc
_acmdln
_purecall
__dllonexit
_onexit
_controlfp
_wtoi
wcscmp
towupper
wcsncpy
_strnicmp
strchr
wcscspn
wcsspn
iswascii
iswcntrl
iswdigit
swscanf
__CxxFrameHandler
wcschr
wcsncmp
_vsnprintf
iswalpha
_ultow
_vsnwprintf
??3@YAXPAX@Z
??2@YAPAXI@Z
_wcsicmp
_wcsnicmp
free
malloc
wcslen
advapi32
RegDeleteValueW
RegDeleteKeyW
RegEnumValueW
RegQueryValueExA
RegSetValueExW
RegOpenKeyExW
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
InitializeAcl
InitializeSecurityDescriptor
GetLengthSid
MakeAbsoluteSD
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA
RegQueryInfoKeyA
RegEnumValueA
FreeSid
AllocateAndInitializeSid
RegEnumKeyExA
DeleteAce
EqualSid
AddAccessAllowedAce
AddAccessDeniedAce
AddAce
GetAclInformation
GetAce
OpenProcessToken
GetTokenInformation
MakeSelfRelativeSD
RegQueryValueExW
RegCreateKeyExW
GetSecurityDescriptorLength
GetSecurityDescriptorSacl
GetSecurityDescriptorDacl
kernel32
GetStartupInfoA
GetModuleHandleA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
OpenProcess
GetExitCodeProcess
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetCommandLineA
GetCurrentThreadId
GetShortPathNameA
LoadLibraryExA
FindResourceA
LoadResource
SizeofResource
LoadLibraryA
GetProcAddress
FreeLibrary
GetModuleFileNameA
lstrcatA
lstrcpyA
lstrcpynA
IsDBCSLeadByte
lstrcmpiA
lstrlenA
lstrlenW
CreateSemaphoreA
CreateThread
WaitForMultipleObjects
MultiByteToWideChar
WideCharToMultiByte
GetLastError
CloseHandle
HeapAlloc
GetProcessHeap
HeapFree
InterlockedDecrement
WaitForSingleObjectEx
HeapSize
CreateEventA
Sleep
SetEvent
InterlockedCompareExchange
LocalFree
LocalAlloc
WaitForSingleObject
GetSystemDirectoryA
ReleaseSemaphore
LeaveCriticalSection
EnterCriticalSection
InterlockedIncrement
DeleteCriticalSection
InitializeCriticalSection
SetThreadPriority
GetCurrentThread
GetSystemInfo
FreeLibraryAndExitThread
GetVersionExA
SetLastError
CreateEventW
GetModuleFileNameW
LoadLibraryW
GetVersionExW
GetComputerNameA
GetComputerNameW
user32
CharNextA
DestroyWindow
PostQuitMessage
SetWindowLongA
GetMessageA
DispatchMessageA
PostThreadMessageA
SendMessageA
CreateWindowExA
DefWindowProcA
GetWindowLongA
PostMessageA
RegisterClassA
RegisterWindowMessageA
ole32
CoInitialize
CoCreateInstance
CoSuspendClassObjects
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateGuid
CoUninitialize
CoInitializeEx
CoRevokeClassObject
CoRegisterClassObject
CoTaskMemFree
oleaut32
SysFreeString
VariantInit
VariantClear
VarUI4FromStr
LoadTypeLi
RegisterTypeLi
SysAllocString
wininet
InternetCloseHandle
InternetConnectW
InternetCrackUrlW
InternetSetOptionA
HttpQueryInfoW
InternetErrorDlg
InternetReadFile
HttpQueryInfoA
HttpEndRequestA
HttpSendRequestExW
InternetQueryDataAvailable
HttpOpenRequestW
InternetOpenW
InternetQueryOptionA
wsock32
WSAAsyncSelect
ntohl
connect
send
sendto
recv
ioctlsocket
WSAGetLastError
gethostbyname
inet_addr
htonl
getservbyname
htons
gethostbyaddr
ntohs
getservbyport
WSASetLastError
WSACleanup
inet_ntoa
getsockname
getpeername
setsockopt
getsockopt
closesocket
shutdown
bind
socket
Sections
.text Size: 97KB - Virtual size: 97KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 1024B - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 28KB - Virtual size: 30KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
sxvmzka Size: - Virtual size: 4KB
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE