de0d26e58dbcc7a58755ec7622de1d22_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

de0d26e58dbcc7a58755ec7622de1d22_JaffaCakes118
Size

52KB
MD5

de0d26e58dbcc7a58755ec7622de1d22
SHA1

cc83f55a5a2a5ebfe582b3935cc24ab103f2d354
SHA256

8f33ee4fab5a506f1b39848a1fa0c9ad363ea5cfdc68f8b585db05f911601ed5
SHA512

af1a0ad81f85196ba6ad95e8787f4a56b86412985f9fd46a75a745c3c9d3da54ba0d6e441ea2a13bf69dd6746cd8cdb188e1131bc3442c11e2909d37edbd49d5
SSDEEP

768:sJVL7/u0etasP5Vc10vF/mv2fFRal7otToXzxEsa0ImVyPZ6yZZlp7bi8hLXXEgA:itIs2dR6ITyVVQmFyZpNogDBvbi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
de0d26e58dbcc7a58755ec7622de1d22_JaffaCakes118

Files

de0d26e58dbcc7a58755ec7622de1d22_JaffaCakes118
.exe windows:4 windows x86 arch:x86

0cd8e9bc3b1b24022ccba7399baa5e76

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateToolhelp32Snapshot
FreeLibrary
LoadLibraryA
GetProcAddress
LoadLibraryExA
GlobalAlloc
WriteFile
CreateFileA
DeviceIoControl
GetVersionExA
Process32First
GetSystemDirectoryA
TerminateThread
GetModuleFileNameA
ExitProcess
GetLastError
CreateMutexA
Process32Next
CloseHandle
OpenProcess
GetModuleHandleA
VirtualProtectEx
VirtualAllocEx
WriteProcessMemory
CreateRemoteThread
DeleteFileA
HeapFree
GlobalFree
CreateThread
GetCurrentProcessId
lstrcmpA
Sleep
GetFileAttributesA
GetProcessHeap
HeapAlloc
ExitThread
GetTickCount
HeapSize
LCMapStringW
LCMapStringA
GetStringTypeW
MultiByteToWideChar
GetStringTypeA
GetLocaleInfoA
RtlUnwind
HeapReAlloc
VirtualAlloc
InitializeCriticalSection
IsDebuggerPresent
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetOEMCP
GetACP
GetCPInfo
EnterCriticalSection
LeaveCriticalSection
QueryPerformanceCounter
VirtualFree
HeapCreate
HeapDestroy
DeleteCriticalSection
GetFileType
SetHandleCount
GetSystemTimeAsFileTime
GetCommandLineA
GetStartupInfoA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW

user32

GetDesktopWindow
wsprintfA

advapi32

StartServiceA
LockServiceDatabase
ChangeServiceConfigA
UnlockServiceDatabase
OpenSCManagerA
OpenServiceA
DeleteService
CloseServiceHandle
RegSetValueExA
RegCreateKeyA
RegDeleteValueA
RegOpenKeyExW
RegQueryInfoKeyW
RegEnumKeyExW
RegDeleteKeyW
RegEnumValueW
RegDeleteValueW
RegCloseKey
CreateServiceA

shell32

SHFileOperationA
ShellExecuteA

ntdll

memset
strlen
NtQuerySystemInformation
_chkstk
memcpy
strcat

ws2_32

connect
shutdown
closesocket
recv
accept
listen
sendto
send
WSASocketA
WSAStartup
gethostbyname
htons
inet_ntoa
inet_addr
WSAConnect
bind
setsockopt
socket
WSACleanup

wininet

InternetCloseHandle
InternetReadFile
InternetOpenUrlA
InternetOpenA

iphlpapi

GetNetworkParams

Sections

.text
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 7KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0cd8e9bc3b1b24022ccba7399baa5e76

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ntdll

ws2_32

wininet

iphlpapi

Sections

.text Size: 44KB - Virtual size: 43KB

.data Size: 7KB - Virtual size: 9KB

.rsrc Size: 512B - Virtual size: 176B

.text
Size: 44KB - Virtual size: 43KB

.data
Size: 7KB - Virtual size: 9KB

.rsrc
Size: 512B - Virtual size: 176B