b84a148f40c3a694b930c5374f7a90cb_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b84a148f40c3a694b930c5374f7a90cb_JaffaCakes118
Size

112KB
MD5

b84a148f40c3a694b930c5374f7a90cb
SHA1

333f5acc35ea0206f7d1deadcb94ca6ec9564d02
SHA256

7a3b78feba1670850602b7c33cb0968b4d89db609d98c81744b43cae23d563f5
SHA512

032ba7ba40ed36cddbcd9cedaf53db82db98ac35a122a3cf37fb95452cdc62f1a7cde68d232525114cafe0cab36451ea977e1ae3912449cc738b8b99797bee3b
SSDEEP

1536:ODnDmTqpUmmXy1v9c15SSTUbPSltIZekg9QZm1W2W4iqaWhXLaL:GKOpnmXy1v615xqPsZom1PW4i7WheL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b84a148f40c3a694b930c5374f7a90cb_JaffaCakes118

Files

b84a148f40c3a694b930c5374f7a90cb_JaffaCakes118
.exe windows:4 windows x86 arch:x86

d3d1f4630c145d662b823d0c2e53d6d8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateProcessA
GetSystemDirectoryA
GetTempFileNameA
GetVersionExA
WideCharToMultiByte
GetProcAddress
LoadLibraryA
lstrcpynA
GetPrivateProfileStringA
GetPrivateProfileSectionNamesA
MultiByteToWideChar
IsDebuggerPresent
lstrlenW
lstrcpyA
SetLastError
FreeLibrary
WinExec
OpenProcess
WriteFile
CreateFileA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetFileSize
FindClose
FindNextFileA
FindFirstFileA
ExpandEnvironmentStringsA
HeapAlloc
CreateThread
HeapDestroy
HeapReAlloc
HeapFree
GetCurrentProcessId
TerminateThread
SetFilePointer
DuplicateHandle
GetCurrentProcess
GetProcessHeap
ReadFile
GetLastError
GetVolumeInformationA
GetWindowsDirectoryA
GetEnvironmentVariableA
CreatePipe
GetStdHandle
GetTickCount
ExitProcess
CreateNamedPipeA
GetShortPathNameA
SetErrorMode
SetPriorityClass
OutputDebugStringA
GetCurrentThreadId
MoveFileA
CompareStringA
lstrcmpiA
CompareStringW
GetProcessTimes
DeleteFileA
WaitForSingleObject
CreateToolhelp32Snapshot
CloseHandle
Thread32First
Thread32Next
lstrcatA
lstrcmpA
Sleep
GetFileAttributesA
GetFileTime
FileTimeToSystemTime
lstrlenA
GlobalFree
LocalFree
GetSystemInfo
GetLogicalDrives
GetDriveTypeA
GetDiskFreeSpaceA
GetSystemTime
GetComputerNameA
GlobalAlloc
GetACP
GetOEMCP
GetCurrentDirectoryA
GetTempPathA
GetModuleHandleA
HeapCreate
GetModuleFileNameA

user32

EnumThreadWindows
ShowWindow
MessageBoxA
EnumDisplaySettingsA
GetSystemMetrics
wsprintfA
wvsprintfA
LockSetForegroundWindow
CharLowerBuffA
CharUpperBuffA
GetKeyboardLayoutNameA

advapi32

CryptHashData
CryptDecrypt
CryptDestroyKey
CryptDestroyHash
CryptReleaseContext
RegEnumValueW
RegQueryValueExW
RegEnumValueA
RegOpenKeyExA
RegQueryInfoKeyA
RegEnumKeyExA
RegOpenKeyA
RegEnumKeyA
RegQueryValueExA
RegCloseKey
GetUserNameA
CryptCreateHash
CryptAcquireContextA
OpenProcessToken
RegSetValueExA
RegCreateKeyA
RegDeleteValueA
AdjustTokenPrivileges
LookupPrivilegeValueA
CryptGenRandom
CryptDeriveKey

oleaut32

SysAllocString
SafeArrayPutElement
SafeArrayCreate
VariantInit
SysFreeString

shell32

SHGetSpecialFolderPathA
SHGetFolderPathA
ord680

ole32

CoCreateInstance
OleInitialize
CoTaskMemFree

psapi

EnumProcesses
GetModuleFileNameExA

shlwapi

StrStrIA

crypt32

CryptUnprotectData

iphlpapi

GetNetworkParams

ws2_32

WSAStartup
gethostname
gethostbyname
inet_ntoa

urlmon

URLDownloadToFileA

Sections

.text
Size: 76KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d3d1f4630c145d662b823d0c2e53d6d8

Headers

File Characteristics

Imports

kernel32

user32

advapi32

oleaut32

shell32

ole32

psapi

shlwapi

crypt32

iphlpapi

ws2_32

urlmon

Sections

.text Size: 76KB - Virtual size: 73KB

.rdata Size: 20KB - Virtual size: 19KB

.data Size: 12KB - Virtual size: 18KB

.text
Size: 76KB - Virtual size: 73KB

.rdata
Size: 20KB - Virtual size: 19KB

.data
Size: 12KB - Virtual size: 18KB