logagent.pdb
Static task: static1
Behavioral task: behavioral1
Sample: dbe5a6d60d6fd03e9f33aa099d8b502f_JaffaCakes118.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: dbe5a6d60d6fd03e9f33aa099d8b502f_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
- Target: dbe5a6d60d6fd03e9f33aa099d8b502f_JaffaCakes118
- Size: 94KB
- MD5: dbe5a6d60d6fd03e9f33aa099d8b502f
- SHA1: 3296a25de4b621d2831d178f7ef9627ed240e257
- SHA256: 67f1f66fea45922971979660ac2b0d33e903cc702852b12662401a4f4bc63657
- SHA512: 5d3664e40e8c87174c0fb728f80ba97f7f7ed6fe409dda6ce9e55e53247100da68460e276680d766dd4961a01aa09c1c668a31e2797b54acb0c9082189b06719
- SSDEEP: 1536:iDZ1Jv8sS7slmrWwOUMvXUHxWT643OUHZuGQIHZ0aV0pjGjP/zLH5ov:CisS7imMUeERWPeUgGtHwePbLH5ov
Malware Config
Signatures
- Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource: dbe5a6d60d6fd03e9f33aa099d8b502f_JaffaCakes118
Files
-
dbe5a6d60d6fd03e9f33aa099d8b502f_JaffaCakes118.exe windows:5 windows x86 arch:x86
745c1719885274b3150160c66b467053
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
msvcrt
__CxxFrameHandler
calloc
strncpy
strtoul
sprintf
_snwprintf
wcsrchr
iswalpha
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_cexit
_XcptFilter
_exit
_c_exit
_purecall
realloc
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_onexit
_controlfp
swscanf
iswdigit
iswcntrl
_vsnprintf
wcsncmp
wcschr
_wtoi
wcscmp
towupper
wcsncpy
_strnicmp
strchr
wcscspn
wcsspn
__dllonexit
iswascii
_snprintf
_beginthreadex
_ultoa
_except_handler3
_stricmp
sscanf
malloc
free
_wcsnicmp
_wcsicmp
??2@YAPAXI@Z
??3@YAXPAX@Z
_vsnwprintf
_ultow
wcslen
advapi32
RegQueryValueExW
RegSetValueExW
RegDeleteKeyW
RegCreateKeyExW
RegQueryValueExA
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
InitializeAcl
InitializeSecurityDescriptor
GetLengthSid
MakeAbsoluteSD
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
GetSecurityDescriptorDacl
GetSecurityDescriptorSacl
GetSecurityDescriptorLength
MakeSelfRelativeSD
RegEnumValueW
RegDeleteValueW
GetTokenInformation
OpenProcessToken
GetAce
GetAclInformation
AddAce
AddAccessDeniedAce
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA
RegQueryInfoKeyA
RegEnumValueA
FreeSid
AllocateAndInitializeSid
RegEnumKeyExA
AddAccessAllowedAce
EqualSid
DeleteAce
RegOpenKeyExW
kernel32
HeapFree
GetProcessHeap
HeapAlloc
CloseHandle
GetLastError
WideCharToMultiByte
MultiByteToWideChar
WaitForMultipleObjects
CreateThread
CreateSemaphoreA
GetVersionExA
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
lstrlenW
InterlockedDecrement
IsDBCSLeadByte
lstrcmpiA
lstrcatA
lstrcpynA
lstrcpyA
GetModuleFileNameA
FreeLibrary
GetProcAddress
LoadLibraryA
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
GetCurrentThreadId
GetCommandLineA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoA
Sleep
CreateEventA
HeapSize
WaitForSingleObjectEx
ReleaseSemaphore
LeaveCriticalSection
EnterCriticalSection
InterlockedIncrement
DeleteCriticalSection
InitializeCriticalSection
SetEvent
InterlockedCompareExchange
LocalFree
LoadLibraryW
LocalAlloc
GetVersionExW
WaitForSingleObject
CreateEventW
GetSystemDirectoryA
GetModuleFileNameW
GetExitCodeProcess
OpenProcess
GetComputerNameW
GetModuleHandleA
SetThreadPriority
GetCurrentThread
lstrlenA
FreeLibraryAndExitThread
user32
CharNextA
PostThreadMessageA
CharPrevA
DispatchMessageA
GetMessageA
RegisterClassA
CreateWindowExA
SetWindowLongA
DestroyWindow
PostQuitMessage
GetWindowLongA
DefWindowProcA
PostMessageA
ole32
CoInitialize
CoCreateInstance
CoSuspendClassObjects
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree
CoRegisterClassObject
CoRevokeClassObject
CoInitializeEx
CoUninitialize
CoCreateGuid
oleaut32
VariantClear
VariantInit
SysFreeString
SysAllocString
VarUI4FromStr
LoadTypeLi
RegisterTypeLi
SysStringLen
wininet
InternetOpenW
HttpOpenRequestW
InternetQueryDataAvailable
HttpSendRequestExW
HttpEndRequestA
HttpQueryInfoA
InternetReadFile
InternetErrorDlg
HttpQueryInfoW
InternetSetOptionA
InternetCrackUrlW
InternetConnectW
InternetCloseHandle
InternetQueryOptionA
wsock32
connect
sendto
recv
WSASetLastError
getservbyport
ntohs
setsockopt
ntohl
WSAStartup
WSACleanup
inet_ntoa
getsockname
getpeername
WSAAsyncSelect
getsockopt
closesocket
shutdown
bind
socket
gethostbyaddr
htons
getservbyname
htonl
inet_addr
gethostbyname
WSAGetLastError
ioctlsocket
send
Sections
.text Size: 91KB - Virtual size: 90KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 512B - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE