c889a6690e7c5318bc7495d750687898_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

c889a6690e7c5318bc7495d750687898_JaffaCakes118
Size

88KB
MD5

c889a6690e7c5318bc7495d750687898
SHA1

15ce4b172384229b610f1bc875511a58d0f28a7f
SHA256

dca3aea24b61193fad3ff1afb1e217a182a0d89784eaf04b3c2b60a9b064508d
SHA512

a3c7f6369cdc0fa21d46e424573b3062284e1da7d176fdec3dcf592b4880e6f15fbea681df8b8f391c01e323990eaf0d1242210a5ec7103fa48fc4e5d979819a
SSDEEP

1536:8Ejz/7VHOHX5VekK40OeFLhuhAi49ZUDpAwSX2QILQlBzc:f/7Fm5b0JuhwUNAwk2QILQlBzc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c889a6690e7c5318bc7495d750687898_JaffaCakes118

Files

c889a6690e7c5318bc7495d750687898_JaffaCakes118
.exe windows:4 windows x86 arch:x86

1b13879388ba48297be242a24fda5df2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
GetLastError
GetCurrentThreadId
InterlockedIncrement
InterlockedDecrement
GetModuleFileNameA
GetModuleHandleA
lstrlenW
WideCharToMultiByte
FreeLibrary
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
lstrcmpiA
lstrcpynA
IsDBCSLeadByte
GetWindowsDirectoryA
SetLocalTime
GetLocalTime
WaitForMultipleObjects
LoadLibraryA
SearchPathA
GetOEMCP
IsBadCodePtr
IsBadReadPtr
LocalFree
CreateProcessA
LeaveCriticalSection
EnterCriticalSection
MultiByteToWideChar
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
lstrcpyA
CreateThread
lstrlenA
DeleteFileA
WaitForSingleObject
WriteFile
CloseHandle
CreateFileA
RaiseException
DeleteCriticalSection
SetEndOfFile
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetStdHandle
HeapSize
InitializeCriticalSection
GetProcAddress
SetFilePointer
FlushFileBuffers
SetStdHandle
HeapFree
RtlUnwind
ExitProcess
HeapAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapReAlloc
GetStartupInfoA
GetCommandLineA
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
SetUnhandledExceptionFilter
ReadFile
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
GetCPInfo

user32

FindWindowA
DefWindowProcA
CharNextA
DestroyWindow

advapi32

RegSetValueExA
RegQueryValueExA
RegEnumKeyExA
RegQueryInfoKeyA
RegOpenKeyExA
RegDeleteValueA
RegCreateKeyExA
RegDeleteKeyA
OpenSCManagerA
OpenServiceA
CloseServiceHandle
QueryServiceStatus
StartServiceA
RegOpenKeyA
RegCloseKey

shell32

ShellExecuteA

ole32

CoTaskMemFree
CoTaskMemAlloc
CoInitialize
CoUninitialize
CoTaskMemRealloc
CoCreateInstance

oleaut32

VarUI4FromStr
SysAllocString
SysAllocStringLen
VariantClear
VariantInit
SysStringByteLen
SysAllocStringByteLen
SysFreeString

comctl32

InitCommonControlsEx

wininet

InternetCrackUrlA
InternetCloseHandle
InternetReadFile
HttpSendRequestA
HttpOpenRequestA
InternetConnectA
InternetGetConnectedState
InternetOpenA

Sections

.text
Size: 60KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1b13879388ba48297be242a24fda5df2

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

comctl32

wininet

Sections

.text Size: 60KB - Virtual size: 57KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 4KB - Virtual size: 10KB

.rsrc Size: 8KB - Virtual size: 7KB

.text
Size: 60KB - Virtual size: 57KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 4KB - Virtual size: 10KB

.rsrc
Size: 8KB - Virtual size: 7KB