d22c882d34c81bb281bb4e71c7414fdd_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

d22c882d34c81bb281bb4e71c7414fdd_JaffaCakes118
Size

81KB
MD5

d22c882d34c81bb281bb4e71c7414fdd
SHA1

01c92e6c821eaa6b68b819be77151c8f34b396c8
SHA256

ab2ec1f3b506f3ddf549431964488bd10158cd35d7715af073b81096d88df0f6
SHA512

c3c33975398527ee4cd1f5f52d457aff4d2276a168840b8e1f1fa006bf9ddd2a7acebe06538240b680b96b379d2b94d8450fc0ad4abc647da4a07cb4434c8773
SSDEEP

1536:gdMqqU+NV25Cvt4ds11fhXQrUxtlKbbqtU/n91k0kUkD/EJyEC7:gdMqqDLU0t4ihXQrUxtlKb6U/91Jx+Em

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d22c882d34c81bb281bb4e71c7414fdd_JaffaCakes118

Files

d22c882d34c81bb281bb4e71c7414fdd_JaffaCakes118
.exe windows:5 windows x86 arch:x86

589851d69ab3a4d97cf7fccc1c6e5dbe

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
WaitForMultipleObjects
lstrcmpiW
GetFileTime
ReleaseMutex
CloseHandle
GetVolumeNameForVolumeMountPointW
DeleteFileW
LocalFree
GetSystemTime
WriteProcessMemory
SetFileAttributesW
CreateThread
ExpandEnvironmentStringsW
ExitProcess
GetCommandLineW
SetErrorMode
GetComputerNameW
SetEvent
GetVersionExW
GetModuleFileNameW
ExitThread
CreateEventW
OpenEventW
FlushFileBuffers
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAllocEx
MapViewOfFile
UnmapViewOfFile
SetLastError
CreateFileMappingW
lstrcmpiA
TerminateThread
GetExitCodeThread
GetExitCodeProcess
TerminateProcess
VirtualProtectEx
ResumeThread
GetSystemDirectoryW
CopyFileW
GetLongPathNameW
GetLocalTime
WTSGetActiveConsoleSessionId
lstrcatW
GetCurrentThreadId
SetThreadPriority
InterlockedIncrement
InterlockedDecrement
MultiByteToWideChar
CreateFileW
ReadFile
GetLastError
VirtualAlloc
DeleteCriticalSection
GetProcAddress
GetFileAttributesW
HeapCreate
Sleep
GetFileSizeEx
GetCurrentProcess
GetTempPathW
LoadLibraryW
VirtualFreeEx
WideCharToMultiByte
WriteFile
SetFileTime
IsBadReadPtr
GetProcessHeap
VirtualFree
GetCurrentThread
GetTickCount
GetModuleHandleW
WaitForSingleObject
CreateDirectoryW
HeapFree
SystemTimeToFileTime
HeapAlloc
CreateProcessW
FreeLibrary
CreateMutexW
HeapReAlloc
GetCurrentProcessId
GetEnvironmentVariableW

user32

ShowWindow
IsWindow
RegisterClassExW
UpdateWindow
GetClientRect
UnregisterClassW
PostQuitMessage
GetWindowRect
DestroyWindow
GetWindowThreadProcessId
GetClassNameW
GetAncestor
GetClassLongW
GetWindowInfo
GetParent
PostMessageW
OpenWindowStationW
GetUserObjectInformationW
SetThreadDesktop
CloseDesktop
OpenDesktopW
GetProcessWindowStation
CreateWindowStationW
CloseWindowStation
GetThreadDesktop
SetProcessWindowStation
CreateDesktopW
CreateWindowExW
DefWindowProcW
MoveWindow
GetSystemMetrics
WindowFromPoint
CharLowerW
CharToOemW
TranslateMessage
GetWindowLongW
PeekMessageW
CharUpperW
SetWindowLongW
SendMessageTimeoutW
DispatchMessageW

advapi32

ConvertStringSecurityDescriptorToSecurityDescriptorW
RegOpenKeyExW
GetSecurityDescriptorSacl
SetSecurityDescriptorSacl
AdjustTokenPrivileges
RegCloseKey
RegSetValueExW
IsWellKnownSid
StartServiceCtrlDispatcherW
SetServiceStatus
RegisterServiceCtrlHandlerW
GetLengthSid
ConvertSidToStringSidW
CreateServiceW
CloseServiceHandle
DeleteService
OpenSCManagerW
GetUserNameW
OpenServiceW
EqualSid
StartServiceW
ControlService
SetSecurityInfo
LookupPrivilegeValueW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
CreateProcessAsUserW
RegQueryValueExW
OpenProcessToken
GetSidSubAuthority
OpenThreadToken
GetSidSubAuthorityCount
GetTokenInformation
RegCreateKeyExW

shlwapi

PathQuoteSpacesW
StrCmpNIW
PathIsURLW
wvnsprintfA
StrCmpNIA
PathRemoveBackslashW
PathUnquoteSpacesW
PathAddExtensionW
PathSkipRootW
SHDeleteValueW
PathAddBackslashW
PathRemoveFileSpecW
PathIsDirectoryW
wvnsprintfW
PathCombineW

shell32

ShellExecuteW
CommandLineToArgvW
SHGetFolderPathW

ole32

OleSetContainedObject
StringFromGUID2
CLSIDFromString
CoUninitialize
CoCreateInstance
OleInitialize
OleUninitialize
CoInitialize

wininet

InternetCloseHandle
InternetQueryOptionA
InternetSetOptionA
InternetReadFile
InternetOpenA
InternetCrackUrlA
InternetConnectA
HttpQueryInfoA
HttpAddRequestHeadersW
HttpSendRequestA
HttpOpenRequestA

oleaut32

SysFreeString
SysAllocString
VariantChangeType
VariantInit
VariantClear

netapi32

NetUserEnum
NetApiBufferFree
NetUserGetInfo

Exports

Exports

_install
_threadEntry
baseConfigSource

Sections

.text
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

589851d69ab3a4d97cf7fccc1c6e5dbe

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shlwapi

shell32

ole32

wininet

oleaut32

netapi32

Exports

Exports

Sections

.text Size: 76KB - Virtual size: 75KB

.data Size: 512B - Virtual size: 8KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 76KB - Virtual size: 75KB

.data
Size: 512B - Virtual size: 8KB

.reloc
Size: 4KB - Virtual size: 3KB