ea6ee7f9d2760ed53b136ae3288e4c23_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ea6ee7f9d2760ed53b136ae3288e4c23_JaffaCakes118
Size

485KB
MD5

ea6ee7f9d2760ed53b136ae3288e4c23
SHA1

d1a901acd3874fbb5c7cc202cc5049379a576bd7
SHA256

f1ded76c1a9045b4822f7a789a1731b89a45ad8714c4ee4355facb2b0af54997
SHA512

937faea034af62e04a9174d5a8c9641a4a61973aa24d705274b105fe7ea19f0f1e37955bba77ce1aa1421d6f6be69ade9bb720934cf4292f83247795102f287b
SSDEEP

12288:s7BSqCXVQqvJFToxVkhveEwuEHZCxfv57Uon:s7AlymTsC3B0WFTn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ea6ee7f9d2760ed53b136ae3288e4c23_JaffaCakes118

Files

ea6ee7f9d2760ed53b136ae3288e4c23_JaffaCakes118
.exe windows:5 windows x86 arch:x86

4aab59f8f00be3c2257a6e2297743eca

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

Q:\projects\FakeAV\AV\bin\Release\AV.pdb

Imports

ntdll

_vsnprintf
ZwMapViewOfSection
RtlImageNtHeader
RtlRandom
strncpy
memset
atoi
_snprintf
memcpy
memmove
isspace
tolower
_stricmp
RtlUnwind
memcmp
_aulldiv
sscanf
NtResumeProcess
NtSuspendProcess
NtQueryInformationFile
RtlNtStatusToDosError
sprintf
strchr
strcmp
strcat
strstr
wcslen
strlen

kernel32

GetSystemTimeAsFileTime
GetCurrentThreadId
UnhandledExceptionFilter
GetStartupInfoA
InterlockedCompareExchange
InterlockedExchange
ReadFile
CloseHandle
GetFileSize
CreateFileA
WriteFile
lstrcmpiW
InitializeCriticalSection
GetModuleHandleA
DeleteCriticalSection
DeleteFileA
LeaveCriticalSection
EnterCriticalSection
GetLastError
CreateDirectoryA
RemoveDirectoryA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
CreateEventA
SetEvent
WaitForSingleObject
TerminateThread
WinExec
CreateThread
Process32Next
Process32First
CreateToolhelp32Snapshot
OpenEventA
VirtualProtect
VirtualAlloc
VirtualFree
TlsAlloc
FreeLibrary
GetProcAddress
LoadLibraryA
TlsSetValue
TlsGetValue
InterlockedIncrement
InterlockedDecrement
GetModuleFileNameA
GetCommandLineW
LocalFree
CreateMutexA
OpenMutexA
Sleep
TerminateProcess
OpenProcess
GetCurrentProcessId
CreateFileW
GetVolumeInformationW
GetFullPathNameW
DeleteFileW
GetTickCount
GetProcessId
CreateRemoteThread
FindResourceA
SizeofResource
LockResource
LoadResource
ResetEvent
WaitForMultipleObjects
FindClose
FindNextFileA
FindFirstFileA
GetSystemDirectoryA
GetSystemInfo
GetVersionExA
GlobalMemoryStatusEx
GetDiskFreeSpaceExA
GetDriveTypeA
GetLogicalDriveStringsA
EnumUILanguagesA
lstrcpynA
SetLastError
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
lstrlenW
GetTempFileNameA
GetTempPathA
QueryPerformanceCounter
CreateProcessA
EndUpdateResourceA
UpdateResourceA
BeginUpdateResourceA
LoadLibraryExA
ExitProcess
SetErrorMode
SetUnhandledExceptionFilter
ResumeThread
QueueUserAPC
DuplicateHandle
GetCurrentProcess
HeapAlloc
HeapFree
GetProcessHeap

msvcrt

__p__fmode
__p__commode
__setusermatherr
_amsg_exit
_initterm
_acmdln
_XcptFilter
_exit
_cexit
__getmainargs
_ismbblead
_strdup
__set_app_type
_localtime64
atof
_time64
printf
_purecall
exit
??2@YAPAXI@Z
puts
abort
??3@YAXPAX@Z
realloc
free
_controlfp
?terminate@@YAXXZ
malloc

user32

SetForegroundWindow
UpdateWindow
CreateWindowExA
RegisterClassExA
UnregisterClassA
DestroyWindow
LoadIconA
ShowWindow
GetForegroundWindow
GetWindowThreadProcessId
GetWindowRect
GetSystemMetrics
EnableWindow
MessageBoxA
GetMessageA
TranslateMessage
DispatchMessageA
GetWindow
FindWindowExW
GetParent
PostMessageA
CallWindowProcA
wsprintfA
GetClientRect
GetWindowLongA
SendMessageA
SetWindowPos
PostQuitMessage
DefWindowProcA
SetWindowLongA

advapi32

SetSecurityDescriptorDacl
GetTokenInformation
OpenProcessToken
RegQueryValueExA
InitializeSecurityDescriptor
RegOpenKeyExA
RegCloseKey

ws2_32

inet_ntoa
socket
ioctlsocket
htons
connect
WSAGetLastError
select
closesocket
gethostbyname
WSACleanup
WSAStartup
gethostname

shell32

ShellExecuteExA
Shell_NotifyIconA
SHGetFolderPathA
CommandLineToArgvW
SHAppBarMessage

wininet

HttpSendRequestA
HttpOpenRequestA
HttpAddRequestHeadersA
InternetCloseHandle
InternetOpenA
InternetConnectA
HttpQueryInfoA
InternetQueryOptionA
InternetQueryDataAvailable
InternetReadFile

ole32

CoCreateInstance
CoSetProxyBlanket
CoCreateGuid
StringFromGUID2
OleUninitialize
OleInitialize
CoGetClassObject
OleSetContainedObject
CoInitialize

oleaut32

SafeArrayAccessData
SysFreeString
SysAllocString
SysStringLen
VariantClear
SysAllocStringLen
VariantInit
SafeArrayDestroy
SafeArrayCreateVector

psapi

GetModuleBaseNameA

urlmon

URLDownloadToFileA

shlwapi

PathAppendA

Sections

.text
Size: 128KB - Virtual size: 128KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 330KB - Virtual size: 330KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4aab59f8f00be3c2257a6e2297743eca

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntdll

kernel32

msvcrt

user32

advapi32

ws2_32

shell32

wininet

ole32

oleaut32

psapi

urlmon

shlwapi

Sections

.text Size: 128KB - Virtual size: 128KB

.rdata Size: 17KB - Virtual size: 16KB

.data Size: 1024B - Virtual size: 1KB

.rsrc Size: 330KB - Virtual size: 330KB

.reloc Size: 7KB - Virtual size: 6KB

.text
Size: 128KB - Virtual size: 128KB

.rdata
Size: 17KB - Virtual size: 16KB

.data
Size: 1024B - Virtual size: 1KB

.rsrc
Size: 330KB - Virtual size: 330KB

.reloc
Size: 7KB - Virtual size: 6KB