Static task: static1
Behavioral task: behavioral1
  Sample: b8f4f6f157bd24f563750b7a3dd5ed2b_JaffaCakes118.exe
  Resource: win7-20240704-en
Behavioral task: behavioral2
  Sample: b8f4f6f157bd24f563750b7a3dd5ed2b_JaffaCakes118.exe
  Resource: win10v2004-20240802-en
General
Target: b8f4f6f157bd24f563750b7a3dd5ed2b_JaffaCakes118
Size: 107KB
MD5: b8f4f6f157bd24f563750b7a3dd5ed2b
SHA1: 7fb7f9c0308ef82114cdea49a33678c27bef049e
SHA256: 5f772559d857b71b24bccfd2e14bffaf94ed202e961e4649e584cb69e03a082d
SHA512: 646b8925780454329dec61de7975f6d7ea387a2ceeb30af17f458db8ae1e7fd5d1295c8a604f66bd95df18ae2180f0ef6ba2e8191e5b537d418315c18f3bd4bf
SSDEEP: 3072:6irntqn3Yu+WVlhFj/V1dALmgTdRQME6t:brnMYudVlhbomgDQMEs
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource b8f4f6f157bd24f563750b7a3dd5ed2b_JaffaCakes118
Files
b8f4f6f157bd24f563750b7a3dd5ed2b_JaffaCakes118.exe windows:5 windows x86 arch:x86
7fe05f9452804bca9029f95b5502a638
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
CreateProcessW
HeapAlloc
SystemTimeToFileTime
SetFilePointerEx
HeapFree
CreateDirectoryW
GetTickCount
GetProcessHeap
IsBadReadPtr
SetFileTime
VirtualQueryEx
WriteFile
Thread32First
WideCharToMultiByte
LoadLibraryW
ReadProcessMemory
HeapDestroy
HeapCreate
GetFileAttributesW
Thread32Next
ReadFile
GetTimeZoneInformation
CreateFileW
MultiByteToWideChar
FlushFileBuffers
GetTempPathW
GetFileSizeEx
OpenMutexW
FreeLibrary
SetLastError
VirtualAlloc
VirtualProtectEx
VirtualAllocEx
FindClose
LoadLibraryA
RemoveDirectoryW
FindNextFileW
VirtualProtect
GetFileTime
ReleaseMutex
FileTimeToLocalFileTime
GetVolumeNameForVolumeMountPointW
DeleteFileW
GetFileInformationByHandle
SetFileAttributesW
GlobalLock
GlobalUnlock
ResetEvent
lstrcmpiA
WTSGetActiveConsoleSessionId
GetThreadContext
SetThreadContext
GetProcessId
GetNativeSystemInfo
MoveFileExW
GetUserDefaultUILanguage
CreateRemoteThread
OpenProcess
SetEndOfFile
FindFirstFileW
CreateMutexW
HeapReAlloc
GetTempFileNameW
FileTimeToDosDateTime
GetEnvironmentVariableW
WriteProcessMemory
VirtualFreeEx
Process32FirstW
LocalFree
GetLastError
GetCurrentProcessId
Process32NextW
CreateToolhelp32Snapshot
CloseHandle
GetCurrentThread
Sleep
SetThreadPriority
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetLocalTime
GetSystemTime
CreateThread
DuplicateHandle
OpenEventW
GetFileAttributesExW
lstrcmpiW
GetProcAddress
GetModuleFileNameW
GetVersionExW
VirtualFree
GetModuleHandleW
SetEvent
GetComputerNameW
SetErrorMode
GetCommandLineW
ExitProcess
ExpandEnvironmentStringsW
GetPrivateProfileIntW
GetPrivateProfileStringW
WaitForMultipleObjects
CreateEventW
WaitForSingleObject
user32
MsgWaitForMultipleObjects
LoadImageW
ExitWindowsEx
DispatchMessageW
GetClipboardData
ToUnicode
GetKeyboardState
GetCursorPos
CharToOemW
TranslateMessage
GetIconInfo
DrawIcon
CharLowerBuffA
CharLowerW
CharUpperW
PeekMessageW
CharLowerA
advapi32
IsWellKnownSid
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey
CryptGetHashParam
ConvertSidToStringSidW
InitiateSystemShutdownExW
EqualSid
CryptHashData
RegSetValueExW
AdjustTokenPrivileges
CryptDestroyHash
SetSecurityDescriptorSacl
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
CryptCreateHash
LookupPrivilegeValueW
SetNamedSecurityInfoW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
CreateProcessAsUserW
RegQueryValueExW
CryptReleaseContext
RegCreateKeyExW
GetTokenInformation
GetSidSubAuthorityCount
OpenThreadToken
CryptAcquireContextW
GetSidSubAuthority
OpenProcessToken
GetLengthSid
shlwapi
PathRemoveBackslashW
UrlUnescapeA
wvnsprintfW
PathIsDirectoryW
PathFindFileNameW
PathAddBackslashW
PathRenameExtensionW
PathSkipRootW
SHDeleteKeyW
PathCombineW
PathAddExtensionW
PathUnquoteSpacesW
StrStrIW
StrCmpNIA
wvnsprintfA
StrCmpNIW
PathIsURLW
PathMatchSpecW
PathRemoveFileSpecW
StrStrIA
PathQuoteSpacesW
SHDeleteValueW
shell32
SHGetFolderPathW
CommandLineToArgvW
ShellExecuteW
secur32
GetUserNameExW
ole32
StringFromGUID2
CLSIDFromString
CoUninitialize
CoCreateInstance
CoInitializeEx
ws2_32
WSASetLastError
freeaddrinfo
socket
bind
recv
shutdown
setsockopt
recvfrom
sendto
getpeername
WSASend
WSAIoctl
connect
WSAAddressToStringW
WSAStartup
getaddrinfo
select
WSAGetLastError
closesocket
listen
WSAEventSelect
getsockname
accept
send
crypt32
CertCloseStore
PFXExportCertStoreEx
PFXImportCertStore
CertDeleteCertificateFromStore
CertOpenSystemStoreW
CertEnumCertificatesInStore
CertDuplicateCertificateContext
wininet
InternetOpenA
HttpAddRequestHeadersW
InternetSetStatusCallbackW
GetUrlCacheEntryInfoW
HttpSendRequestW
InternetReadFileExA
InternetQueryDataAvailable
HttpSendRequestExW
HttpSendRequestExA
InternetQueryOptionA
InternetSetOptionA
InternetReadFile
InternetQueryOptionW
InternetCloseHandle
HttpSendRequestA
HttpAddRequestHeadersA
HttpOpenRequestA
InternetCrackUrlA
InternetConnectA
HttpQueryInfoA
oleaut32
VariantInit
VariantClear
SysFreeString
SysAllocString
netapi32
NetUserEnum
NetApiBufferFree
NetUserGetInfo
Sections
.text   Size: 100KB - Virtual size: 100KB
  IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.data   Size: 512B - Virtual size: 7KB
  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.reloc  Size: 4KB - Virtual size: 4KB
  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ