c830902f5b8604a442c25be990e14622_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

c830902f5b8604a442c25be990e14622_JaffaCakes118
Size

351KB
MD5

c830902f5b8604a442c25be990e14622
SHA1

5fb4f00b32b9b2d570cb4150c1ac2245dcbd7edf
SHA256

f9c8fec5e16e62405cf201180a3d98d85b0cfb69484ee9ccb3cded9dc91791ce
SHA512

ba17b813f8d7c2a9868d75ccd25d3565ae09fe65e92b024f86fb8e0473684e33bc41df24d5cea7b7d8a0d5cc258f2bd17f843fbc905a76394ccd9a61f115bacb
SSDEEP

6144:PHWzMIVh2oOZl3DgdSHHPcMxADN/2IF0j2sm/Es8Hz45h/qlz5ZTq:PHWz9hmZl3DGSHvcXDljFg2z/Es+z4Kq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c830902f5b8604a442c25be990e14622_JaffaCakes118

Files

c830902f5b8604a442c25be990e14622_JaffaCakes118
.exe windows:4 windows x86 arch:x86

23d1c4e7fd8318fc3d50806a7cc38065

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\ehaof\qrptnxf

Imports

advapi32

RegQueryValueW
RegLoadKeyW
CryptReleaseContext
GetUserNameW
RegEnumKeyW
DuplicateTokenEx
LookupAccountNameA
RegQueryMultipleValuesA
CryptDeriveKey

wininet

DeleteUrlCacheGroup
FtpSetCurrentDirectoryA
GopherGetLocatorTypeA
HttpAddRequestHeadersA

user32

RegisterClassA
TabbedTextOutW
NotifyWinEvent
CascadeWindows
DdeFreeDataHandle
RegisterClassExA

comdlg32

ChooseColorA
GetOpenFileNameA

comctl32

ImageList_DrawEx
ImageList_Destroy
ImageList_SetFilter
DrawStatusTextW
CreateStatusWindow
ImageList_GetImageInfo
ImageList_AddMasked
InitCommonControlsEx
CreatePropertySheetPage
CreatePropertySheetPageW
ImageList_ReplaceIcon
ImageList_DragEnter
ImageList_BeginDrag
DrawStatusText
DestroyPropertySheetPage
ImageList_Draw
MakeDragList
ImageList_DragLeave

kernel32

InterlockedExchange
GetCPInfo
SetFilePointer
GetStdHandle
TlsAlloc
FlushFileBuffers
TlsSetValue
FreeEnvironmentStringsA
TerminateProcess
WriteConsoleOutputW
HeapReAlloc
InterlockedIncrement
CreateWaitableTimerW
GetCurrentProcess
ReadConsoleW
SetStdHandle
GetCurrentProcessId
EnterCriticalSection
WideCharToMultiByte
GetModuleHandleA
GetPrivateProfileIntA
GetLocalTime
OpenMutexA
DeleteCriticalSection
FreeEnvironmentStringsW
CompareStringA
RtlUnwind
GetFileType
GetLastError
GetStringTypeW
ExitProcess
TlsGetValue
GetVersion
IsBadWritePtr
HeapCreate
CloseHandle
WriteFile
QueryPerformanceCounter
GetEnvironmentStringsW
InitializeCriticalSection
GetModuleFileNameW
WritePrivateProfileSectionW
GetCommandLineW
VirtualAlloc
CreateMutexA
GetEnvironmentStrings
lstrcatA
CompareStringW
InterlockedDecrement
SetEnvironmentVariableA
RtlMoveMemory
GetCurrentThread
GetStartupInfoW
SetLastError
WaitForMultipleObjects
VirtualFree
GetProcAddress
GetStringTypeA
HeapAlloc
LoadLibraryA
GetTimeZoneInformation
FindFirstFileA
GetCompressedFileSizeA
LCMapStringW
SetHandleCount
UnhandledExceptionFilter
MultiByteToWideChar
GetStartupInfoA
ReadFile
LCMapStringA
DeleteFileW
GetCommandLineA
GetTickCount
GetUserDefaultLCID
GetSystemTimeAsFileTime
GetCurrencyFormatW
GetCurrentThreadId
GetModuleFileNameA
LeaveCriticalSection
TlsFree
HeapDestroy
GetConsoleTitleA
VirtualQuery
HeapFree
GetSystemTime

Sections

.text
Size: 232KB - Virtual size: 232KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 86KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

23d1c4e7fd8318fc3d50806a7cc38065

Headers

File Characteristics

PDB Paths

Imports

advapi32

wininet

user32

comdlg32

comctl32

kernel32

Sections

.text Size: 232KB - Virtual size: 232KB

.rdata Size: 21KB - Virtual size: 41KB

.data Size: 86KB - Virtual size: 85KB

.rsrc Size: 10KB - Virtual size: 10KB

.text
Size: 232KB - Virtual size: 232KB

.rdata
Size: 21KB - Virtual size: 41KB

.data
Size: 86KB - Virtual size: 85KB

.rsrc
Size: 10KB - Virtual size: 10KB