ceb4074bce6b7dee6ca78e605d8bdafa_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ceb4074bce6b7dee6ca78e605d8bdafa_JaffaCakes118
Size

92KB
MD5

ceb4074bce6b7dee6ca78e605d8bdafa
SHA1

ae062507ddcf8a415d99b5ad42571db124a9d525
SHA256

d6423234d2154abf4fedcde61bf448991da20de599e303dc64d5c266bd749e77
SHA512

4a45fbb57a810bc1e511ea8ed919c1bfb72d7f54cbde68a724320306f9b30982d8fbfda121a071ee6155bea2bec4d03452788628f2daaee50d9e860b61f3a17f
SSDEEP

1536:cWydC6mmJ9uwd+PgOX56YZmToCT5r3xuS/Ka5uzlcqdtsysbpGb:cXrpJvd+Pgw6YZmToCThcFu2hdtsysb4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ceb4074bce6b7dee6ca78e605d8bdafa_JaffaCakes118

Files

ceb4074bce6b7dee6ca78e605d8bdafa_JaffaCakes118
.exe windows:5 windows x86 arch:x86

a9b49e44d4d866bd99444054a4c54ead

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileAttributesW
GetComputerNameW
GetVersionExW
lstrcmpW
GetFullPathNameW
FindFirstFileW
FindResourceW
FreeLibrary
LoadResource
GetCurrentProcess
GetModuleHandleW
SetFileTime
WideCharToMultiByte
LoadLibraryW
lstrcpynW
GetModuleFileNameW
MultiByteToWideChar
GetLastError
GetProcAddress
FindClose
LockResource
GetSystemInfo
FindNextFileW
GetFileTime
HeapReAlloc
HeapAlloc
DeleteFileW
GetProcessHeap
lstrcmpA
lstrlenA
CreateDirectoryW
WaitForSingleObject
SignalObjectAndWait
SetEvent
CreateRemoteThread
OpenProcess
VirtualFreeEx
ReadProcessMemory
TerminateProcess
VirtualProtectEx
VirtualAllocEx
ResetEvent
Process32FirstW
GetExitCodeThread
CreateEventW
Process32NextW
CreateToolhelp32Snapshot
DuplicateHandle
WriteProcessMemory
ResumeThread
CreateMutexW
LocalFree
SetCurrentDirectoryW
MoveFileW
GetTempPathW
GetStartupInfoW
lstrlenW
GetFileAttributesW
CopyFileW
Sleep
GetTickCount
MoveFileExW
CreateProcessW
GetTempFileNameW
GetCommandLineW
CloseHandle
lstrcmpiW
CreateFileW
ReadFile
WriteFile
SetFilePointer
GetVersion
HeapFree
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
GetModuleHandleA
InterlockedExchange
InterlockedCompareExchange
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InterlockedDecrement

advapi32

CryptHashData
CryptGetHashParam
ConvertStringSecurityDescriptorToSecurityDescriptorW
FreeSid
AllocateAndInitializeSid
LookupAccountNameW
EqualSid
GetTokenInformation
OpenProcessToken
GetUserNameW
CryptDestroyHash
CryptDecrypt
CryptDestroyKey
CryptCreateHash
CryptImportKey
CryptReleaseContext
CryptSetKeyParam
CryptAcquireContextW

shell32

SHGetFolderPathW
CommandLineToArgvW

ole32

CoCreateInstance
CoUninitialize
CoInitializeSecurity
CoInitializeEx

oleaut32

SysFreeString
VariantInit
VariantClear
SysAllocString
SysAllocStringLen

msvcrt

__setusermatherr
__p__commode
__p__fmode
__set_app_type
_unlock
__dllonexit
_lock
_onexit
_wcmdln
?terminate@@YAXXZ
_controlfp
_amsg_exit
_XcptFilter
_exit
_cexit
__wgetmainargs
??1type_info@@UAE@XZ
memcpy
memset
malloc
_callnewh
_CxxThrowException
free
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
??0exception@@QAE@XZ
exit
_vsnprintf
_itow
rand
_wtoi
_time64
_initterm
srand
_vsnwprintf

crypt32

CryptStringToBinaryW
CryptBinaryToStringW

shlwapi

PathRenameExtensionW
PathAddBackslashW
PathRemoveBackslashW
PathRemoveFileSpecW
PathFindExtensionW
PathCombineW
PathFindFileNameW
StrStrIW

ntdll

RtlUnwind
NtQueryInformationProcess

winhttp

WinHttpQueryHeaders
WinHttpConnect
WinHttpSendRequest
WinHttpSetOption
WinHttpReceiveResponse
WinHttpQueryDataAvailable
WinHttpOpen
WinHttpOpenRequest
WinHttpReadData
WinHttpCrackUrl
WinHttpCloseHandle

iphlpapi

GetAdaptersInfo

ws2_32

WSACleanup
getaddrinfo
WSAStartup
freeaddrinfo
gethostname

Sections

.text
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 992B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a9b49e44d4d866bd99444054a4c54ead

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

shell32

ole32

oleaut32

msvcrt

crypt32

shlwapi

ntdll

winhttp

iphlpapi

ws2_32

Sections

.text Size: 55KB - Virtual size: 55KB

.rdata Size: 12KB - Virtual size: 12KB

.data Size: 2KB - Virtual size: 2KB

.rsrc Size: 992B - Virtual size: 992B

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 55KB - Virtual size: 55KB

.rdata
Size: 12KB - Virtual size: 12KB

.data
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 992B - Virtual size: 992B

.reloc
Size: 4KB - Virtual size: 4KB