bf839cb54473c333b2c151ad627eb39f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

bf839cb54473c333b2c151ad627eb39f_JaffaCakes118
Size

104KB
MD5

bf839cb54473c333b2c151ad627eb39f
SHA1

34af1909ec77d2c3878724234b9b1e3141c91409
SHA256

d9cfcd9e64cdd0a4beba9da2b1cfdf7b5af9480bc19d6fdf95ec5b1f07fceb1d
SHA512

23cb63162d3f8acc4db70e1ecb36b80748caaaa9993ee2c48141fd458d75ffb1866e7b6ca6218da2a77bd9fcb8eed3b893a705012960da233b080c55dc3d8c3d
SSDEEP

1536:cRkt+szOZL3qUxDOXyg8vjX25dCtLvOPQ6eni9QRO1/dmpWgJk:f+sMGU9OXygkj2AzDiUO1lmcEk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bf839cb54473c333b2c151ad627eb39f_JaffaCakes118

Files

bf839cb54473c333b2c151ad627eb39f_JaffaCakes118
.exe windows:4 windows x86 arch:x86

8e8dfb0e07693fd438a71fa268322521

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateProcessA
GetSystemDirectoryA
GetTempFileNameA
GetVersionExA
WideCharToMultiByte
GetProcAddress
LoadLibraryA
lstrcpynA
GetPrivateProfileStringA
GetPrivateProfileSectionNamesA
MultiByteToWideChar
IsDebuggerPresent
lstrlenW
lstrcpyA
SetLastError
FreeLibrary
WinExec
OpenProcess
WriteFile
CreateFileA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetFileSize
FindClose
FindNextFileA
FindFirstFileA
ExpandEnvironmentStringsA
CreateThread
HeapCreate
HeapDestroy
HeapReAlloc
GetLastError
GetVolumeInformationA
GetWindowsDirectoryA
GetEnvironmentVariableA
GetCurrentProcess
ReadFile
DuplicateHandle
CreatePipe
GetStdHandle
GetTickCount
ExitProcess
CreateNamedPipeA
GetShortPathNameA
SetErrorMode
SetPriorityClass
OutputDebugStringA
GetCurrentThreadId
GetProcessHeap
HeapFree
SetFilePointer
MoveFileA
CompareStringA
lstrcmpiA
CompareStringW
GetProcessTimes
DeleteFileA
WaitForSingleObject
CreateToolhelp32Snapshot
CloseHandle
Thread32First
Thread32Next
lstrcatA
lstrcmpA
Sleep
GetFileAttributesA
GetFileTime
FileTimeToSystemTime
lstrlenA
GlobalFree
LocalFree
GetSystemInfo
GetLogicalDrives
GetDriveTypeA
GetDiskFreeSpaceA
GetSystemTime
GetComputerNameA
GlobalAlloc
GetACP
GetOEMCP
GetCurrentDirectoryA
GetTempPathA
GetModuleHandleA
HeapAlloc
GetModuleFileNameA

user32

EnumThreadWindows
ShowWindow
MessageBoxA
EnumDisplaySettingsA
GetSystemMetrics
wsprintfA
wvsprintfA
LockSetForegroundWindow
CharLowerBuffA
CharUpperBuffA
GetKeyboardLayoutNameA

advapi32

CryptHashData
CryptDecrypt
CryptDestroyKey
CryptDestroyHash
CryptReleaseContext
RegEnumValueW
RegQueryValueExW
RegEnumValueA
RegOpenKeyExA
RegQueryInfoKeyA
RegEnumKeyExA
RegOpenKeyA
RegEnumKeyA
RegQueryValueExA
RegCloseKey
GetUserNameA
CryptCreateHash
CryptAcquireContextA
OpenProcessToken
RegSetValueExA
RegCreateKeyA
RegDeleteValueA
AdjustTokenPrivileges
LookupPrivilegeValueA
CryptGenRandom
CryptDeriveKey

oleaut32

SysAllocString
SafeArrayPutElement
SafeArrayCreate
VariantInit
SysFreeString

shell32

SHGetSpecialFolderPathA
SHGetFolderPathA
ord680

ole32

CoCreateInstance
OleInitialize
CoTaskMemFree

psapi

EnumProcesses
GetModuleFileNameExA

shlwapi

StrStrIA

crypt32

CryptUnprotectData

iphlpapi

GetNetworkParams

ws2_32

WSAStartup
gethostname
gethostbyname
inet_ntoa

urlmon

URLDownloadToFileA

Sections

.text
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

8e8dfb0e07693fd438a71fa268322521

Headers

File Characteristics

Imports

kernel32

user32

advapi32

oleaut32

shell32

ole32

psapi

shlwapi

crypt32

iphlpapi

ws2_32

urlmon

Sections

.text Size: 72KB - Virtual size: 71KB

.rdata Size: 20KB - Virtual size: 18KB

.data Size: 8KB - Virtual size: 14KB

.text
Size: 72KB - Virtual size: 71KB

.rdata
Size: 20KB - Virtual size: 18KB

.data
Size: 8KB - Virtual size: 14KB