ea36472732ef6057177295448d678b57_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ea36472732ef6057177295448d678b57_JaffaCakes118
Size

114KB
MD5

ea36472732ef6057177295448d678b57
SHA1

bae7b97d520562b8ef44f3f066f083f80c13521b
SHA256

04902fd19173b46b702172bf05f7ad39f875ee0eb010a7708ff44cb2ddfaa694
SHA512

f03a98f9bc7210b3dbd798f301b7f39f456d265ebd0c07a1a5fece8f117849039478a2daed22530fe3ec3613ea6566829c0ede9bb89cbacb27d59a849c3d30d7
SSDEEP

3072:XuzHHHIORW1Or3AOxPzPLnFhR/J1uNvz9+H+1A:XIHo58xP7Rj/Jkvz9V1A

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ea36472732ef6057177295448d678b57_JaffaCakes118

Files

ea36472732ef6057177295448d678b57_JaffaCakes118
.exe windows:4 windows x86 arch:x86

c7065543c8dbe901d0a27ca8507e6faa

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\dev\Projects\SeReplacer 2.0\dropper\Release\dropper.pdb

Imports

wininet

HttpSendRequestA
InternetConnectA
InternetCloseHandle
InternetCrackUrlA
InternetOpenA
HttpOpenRequestA

ntdll

strcmp
NtQuerySystemInformation
strcat
RtlInitUnicodeString
_strnicmp
memset
strlen
NtQuerySection
_stricmp
atoi
NtLoadDriver
RtlUnwind
wcscat

shlwapi

PathFindFileNameA
PathAppendA

kernel32

CloseHandle
GetWindowsDirectoryA
GetSystemDirectoryA
CreateMutexA
CreateDirectoryA
WriteFile
GetSystemTime
SystemTimeToFileTime
SetFileTime
Sleep
CreateProcessA
GetModuleFileNameA
MoveFileExA
ExitProcess
LoadLibraryA
GetLastError
CreateToolhelp32Snapshot
Process32First
Process32Next
GetCurrentProcess
CreateFileA
UnmapViewOfFile
SetThreadPriority
GetThreadPriority
GetCurrentThread
MapViewOfFile
GetCurrentProcessId
GetProcAddress
GetModuleHandleA
GetTickCount
GetVersionExA
VirtualLock
VirtualAllocEx
VirtualFreeEx
VirtualUnlock
GetVolumeInformationA
GetDiskFreeSpaceA
GlobalMemoryStatusEx
HeapAlloc
GetProcessHeap
HeapFree
MultiByteToWideChar
CreateFileMappingA

user32

wsprintfA
GetDesktopWindow

gdi32

GetNearestPaletteIndex
CreatePalette
DeleteObject

advapi32

AdjustTokenPrivileges
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
OpenProcessToken
LookupPrivilegeValueA
RegCloseKey

shell32

SHGetSpecialFolderPathA

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.]data
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

c7065543c8dbe901d0a27ca8507e6faa

Headers

File Characteristics

PDB Paths

Imports

wininet

ntdll

shlwapi

kernel32

user32

gdi32

advapi32

shell32

Sections

.text Size: 9KB - Virtual size: 9KB

.data Size: 28KB - Virtual size: 27KB

.]data Size: 76KB - Virtual size: 76KB

.text
Size: 9KB - Virtual size: 9KB

.data
Size: 28KB - Virtual size: 27KB

.]data
Size: 76KB - Virtual size: 76KB