b81fab9b61bed8888151429aabe5ab38_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

b81fab9b61bed8888151429aabe5ab38_JaffaCakes118
Size

540KB
MD5

b81fab9b61bed8888151429aabe5ab38
SHA1

88db07e6a99ad6d999e7b2d40cc170aebc66947e
SHA256

9a9aea9ba3039f0ba8973685a5df91bee1ab9e725b0bb5380ae16418fdde57df
SHA512

e316eb4bb927323e98865ea68d01302fe7bedad69eabb0961d480ef78ffe01ec8da371536c2a565b4cd511cb5239b3b888b22e5539476a9fa2808af4cf75cdcd
SSDEEP

12288:ZIa2gkFfTruOXyWrIA1sipJhZQrli6n+7NdVQuGv9QKkw:ZhSbrnyWrIA/JhZQrUe+7NdVQJ2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b81fab9b61bed8888151429aabe5ab38_JaffaCakes118

Files

b81fab9b61bed8888151429aabe5ab38_JaffaCakes118
.exe windows:5 windows x86 arch:x86

c9379c0b09ab5302ce6e943eb5c321c5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\Documents and Settings\B0FLab\my documents\visual studio 2010\Projects\moma\Debug\moma.pdb

Imports

wininet

InternetReadFile
InternetCloseHandle
InternetOpenUrlW
InternetOpenW
FtpPutFileW
InternetConnectW

ws2_32

gethostbyname
gethostname
WSAStartup
inet_ntoa

advapi32

CheckTokenMembership
FreeSid
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
GetUserNameW
AllocateAndInitializeSid

user32

GetForegroundWindow
GetWindowTextW
GetAsyncKeyState
GetKeyState
wsprintfW

psapi

EnumProcesses
EnumProcessModules
GetModuleBaseNameW

kernel32

GetUserDefaultLCID
GetProcessHeap
IsValidLocale
GetLocaleInfoA
SetStdHandle
CreateFileA
CreateProcessA
SetEndOfFile
CompareStringW
SetEnvironmentVariableA
EnumSystemLocalesA
EncodePointer
GetStringTypeW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
HeapDestroy
HeapCreate
HeapFree
LoadLibraryW
GetComputerNameW
Process32NextW
TerminateProcess
GetExitCodeProcess
OpenProcess
CloseHandle
Process32FirstW
CreateToolhelp32Snapshot
GetCurrentProcess
DeleteFileW
GetLastError
GetSystemTime
Sleep
GetExitCodeThread
CreateRemoteThread
WriteProcessMemory
VirtualAllocEx
GetSystemDirectoryW
WaitForSingleObject
GetProcAddress
FreeLibrary
ExitProcess
WriteFile
SetFilePointer
ReadFile
CreateFileW
CopyFileW
GetTempFileNameW
GetTempPathW
GetModuleFileNameW
CreateThread
GetVersionExW
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
DecodePointer
GetModuleHandleW
RtlUnwind
RaiseException
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapValidate
IsBadReadPtr
GetCommandLineA
HeapSetInformation
WideCharToMultiByte
LCMapStringW
MultiByteToWideChar
GetCPInfo
lstrlenA
VirtualQuery
GetStdHandle
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
GetCurrentThreadId
TlsFree
SetLastError
GetCurrentThread
InitializeCriticalSectionAndSpinCount
FatalAppExitA
SetConsoleCtrlHandler
GetLocaleInfoW
IsProcessorFeaturePresent
SetHandleCount
GetFileType
GetStartupInfoW
GetFileAttributesA
GetConsoleCP
GetConsoleMode
FlushFileBuffers
OutputDebugStringA
WriteConsoleW
OutputDebugStringW
HeapAlloc
GetModuleFileNameA
HeapReAlloc
HeapSize
HeapQueryInformation

Sections

.textbss
Size: - Virtual size: 205KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 439KB - Virtual size: 438KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 87KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c9379c0b09ab5302ce6e943eb5c321c5

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

wininet

ws2_32

advapi32

user32

psapi

kernel32

Sections

.textbss Size: - Virtual size: 205KB

.text Size: 439KB - Virtual size: 438KB

.rdata Size: 87KB - Virtual size: 86KB

.data Size: 7KB - Virtual size: 16KB

.idata Size: 5KB - Virtual size: 4KB

.rsrc Size: 1KB - Virtual size: 1KB

.textbss
Size: - Virtual size: 205KB

.text
Size: 439KB - Virtual size: 438KB

.rdata
Size: 87KB - Virtual size: 86KB

.data
Size: 7KB - Virtual size: 16KB

.idata
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 1KB - Virtual size: 1KB