cfb34b0d1474d2b0072b52c36420e88f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

cfb34b0d1474d2b0072b52c36420e88f_JaffaCakes118
Size

87KB
MD5

cfb34b0d1474d2b0072b52c36420e88f
SHA1

08a0dc6cf474849758bb7808869740c37fd5079d
SHA256

20b4b2eb9a444c174a9f7971a2fb939b92549ba46d482a93294a89e1cb193001
SHA512

a99fb52e8aaec12b82a07ca616ffcd66e246c55e27b738bb9b6d36d5e3f55a3935abbe14f354f2064ec19b695fd6976706964a72e26d6758aa1e862c7ee57aae
SSDEEP

1536:OIG1QXfrGbc5cSkazk5X9tS1yeJDBnB0ErzuGl1u7RlBP1SMJnabYJ:5G1Qv6p2a9I1yOBb6GyhP8QJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cfb34b0d1474d2b0072b52c36420e88f_JaffaCakes118

Files

cfb34b0d1474d2b0072b52c36420e88f_JaffaCakes118
.exe windows:5 windows x86 arch:x86

5b40c476b269a366ed8f4bc0eabba01a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

memcpy
_chkstk
RtlUnwind
memset
_alldiv
isprint
tolower
isspace
_vsnprintf
strncpy
strstr
strncmp
RtlTimeToSecondsSince1970
strrchr
_snprintf
NtQueryVirtualMemory

kernel32

GetTickCount
SuspendThread
CreateToolhelp32Snapshot
GetSystemDefaultLangID
ExitProcess
lstrlenA
MoveFileExA
GetModuleHandleW
GetSystemDirectoryA
lstrcatA
GetEnvironmentVariableA
GetLastError
lstrcmpiA
CopyFileA
DeleteFileA
VirtualFree
GetProcAddress
VirtualAlloc
SystemTimeToFileTime
GetSystemTime
HeapFree
GetProcessHeap
GetTempFileNameW
CreateFileA
lstrcmpA
MoveFileExW
WriteFile
GetVersionExW
CreateFileW
GetTempPathW
LocalAlloc
lstrcatW
CloseHandle
DeleteFileW
LocalFree
WaitForSingleObject
GetCurrentThreadId
CreateThread
HeapReAlloc
HeapAlloc
DeviceIoControl
TerminateProcess
GetModuleHandleA
OpenProcess
Thread32First
Thread32Next
Process32FirstW
OpenThread
Process32NextW
lstrcmpiW

user32

SetWindowPos
CloseDesktop
OpenInputDesktop
CreateDesktopA
GetThreadDesktop
SetTimer
CharUpperBuffA
GetClientRect
GetWindowRect
GetWindow
DefWindowProcW
GetPropW
EnableWindow
ShowWindow
CreateWindowExW
IsWindow
TranslateMessage
SetPropW
LoadCursorW
UnregisterClassW
GetMessageW
DestroyWindow
UpdateWindow
FindWindowA
wsprintfW
SetThreadDesktop
GetSystemMetrics
RegisterClassW
SwitchDesktop
DispatchMessageW
wsprintfA

ole32

OleInitialize
CoTaskMemAlloc
CoCreateInstance
OleUninitialize

shlwapi

SHDeleteKeyA

wininet

InternetOpenA
InternetCloseHandle
InternetReadFile
InternetOpenUrlA

ws2_32

gethostbyname
closesocket
socket
recv
htons
inet_addr
connect
send
WSAStartup

advapi32

RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
RegDeleteValueA
RegCloseKey
RegQueryValueExA
GetCurrentHwProfileW
CheckTokenMembership
FreeSid
AllocateAndInitializeSid

shell32

SHGetFolderPathA
ShellExecuteA

oleaut32

SafeArrayAccessData
SysFreeString
SysAllocString
SafeArrayUnaccessData
VariantInit
SafeArrayDestroy
SafeArrayCreateVector

Sections

.text
Size: 74KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5b40c476b269a366ed8f4bc0eabba01a

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

kernel32

user32

ole32

shlwapi

wininet

ws2_32

advapi32

shell32

oleaut32

Sections

.text Size: 74KB - Virtual size: 73KB

.rdata Size: 7KB - Virtual size: 6KB

.data Size: 512B - Virtual size: 8KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 74KB - Virtual size: 73KB

.rdata
Size: 7KB - Virtual size: 6KB

.data
Size: 512B - Virtual size: 8KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 4KB - Virtual size: 3KB