ea7f371959c86e6a21cdf2083780c628_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ea7f371959c86e6a21cdf2083780c628_JaffaCakes118
Size

753KB
MD5

ea7f371959c86e6a21cdf2083780c628
SHA1

63a03d13edc724188083cfd075d6f7a96e2baed2
SHA256

862c6e67edee5dd23d1bcfa599b603d5d6f53edd0bfa38a05ada68771c2d3e5f
SHA512

b5debb53ac47972b1376ca00be90fbb77f70c1fb15b419362976bad56fdfc8c4a5676ab621ba61f3ff1069afb68bbef3ce4f88de8a5807193c096ec63a15d9f3
SSDEEP

6144:d9Yxf1dDtm+hKctIp6efyFehVL0F+qdXUMmCSOrP1/Czm0KP60D:HYh1BtmeKcRe+AVLM+qdX5rSG/CzmND

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ea7f371959c86e6a21cdf2083780c628_JaffaCakes118

Files

ea7f371959c86e6a21cdf2083780c628_JaffaCakes118
.exe windows:6 windows x86 arch:x86

3b0349d72532f627d62f41db7cf6f251

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualFree
CreateRemoteThread
WideCharToMultiByte
VirtualFreeEx
Sleep
ReadProcessMemory
VirtualAlloc
VirtualAllocEx
GetSystemInfo
CloseHandle
WriteProcessMemory
SuspendThread
ResumeThread
CreateThread
ExitProcess
CreateFileA
lstrcmpA
FreeLibrary
WaitNamedPipeA
GetCurrentProcess
GlobalLock
GetCurrentThread
WriteFile
OpenProcess
GlobalAlloc
GetPrivateProfileIntA
TerminateThread
Beep
CreateProcessA
TerminateProcess
ReadFile
GlobalUnlock
GetLastError
SetLastError
GetProcAddress
GetPrivateProfileStringA
GetLocalTime
LoadLibraryA
OpenThread
WritePrivateProfileStringA
GetTickCount
GetModuleHandleA
CreateMutexA
DeviceIoControl
GetVersionExA
SetEndOfFile
CreateFileW
WriteConsoleW
SetStdHandle
ReadConsoleW
OutputDebugStringW
GetTimeZoneInformation
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCurrentProcessId
QueryPerformanceCounter
LoadLibraryExW
SetConsoleCtrlHandler
GetOEMCP
GetACP
IsValidCodePage
GetCurrentThreadId
GetConsoleMode
GetConsoleCP
FlushFileBuffers
SetFilePointerEx
GetModuleFileNameW
GetProcessHeap
GetFileType
GetStdHandle
IsDebuggerPresent
HeapSize
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
SetEnvironmentVariableA
CompareStringW
GetTimeFormatW
GetDateFormatW
WaitForSingleObject
VirtualQuery
SetThreadContext
GetModuleFileNameA
GetThreadContext
CreateSemaphoreW
GetModuleHandleW
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
CreateEventW
InitializeCriticalSectionAndSpinCount
SetUnhandledExceptionFilter
EncodePointer
DecodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
MultiByteToWideChar
GetStringTypeW
HeapFree
HeapAlloc
HeapReAlloc
GetSystemTimeAsFileTime
GetModuleHandleExW
AreFileApisANSI
GetCommandLineA
RaiseException
FatalAppExitA
GetCPInfo
IsProcessorFeaturePresent
UnhandledExceptionFilter

user32

SendMessageA
MoveWindow
GetWindowThreadProcessId
mouse_event
FindWindowA
SetClipboardData
SetWindowTextA
MessageBoxW
OpenClipboard
DispatchMessageA
keybd_event
GetMessageA
GetClassNameA
ScreenToClient
GetWindowRect
SetActiveWindow
CreateDialogParamA
PostQuitMessage
SetForegroundWindow
LoadIconA
wsprintfA
SetFocus
CloseClipboard
IsDialogMessageA
TranslateMessage
SetWindowLongA
MessageBoxA
SetCursorPos
BringWindowToTop
GetWindowLongA
EmptyClipboard
GetDlgItem
EndDialog
ShowWindow
IsWindow

advapi32

LookupPrivilegeValueA
OpenThreadToken
OpenProcessToken
AdjustTokenPrivileges

wininet

InternetOpenUrlA
InternetQueryDataAvailable
InternetReadFile
InternetOpenA
InternetCloseHandle

ntdll

NtQueryInformationProcess
RtlUnwind
NtQuerySystemInformation

Sections

.text
Size: 320KB - Virtual size: 319KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.shell
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 348KB - Virtual size: 347KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3b0349d72532f627d62f41db7cf6f251

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

wininet

ntdll

Sections

.text Size: 320KB - Virtual size: 319KB

.shell Size: 2KB - Virtual size: 2KB

.rdata Size: 56KB - Virtual size: 55KB

.data Size: 9KB - Virtual size: 121KB

.rsrc Size: 348KB - Virtual size: 347KB

.reloc Size: 16KB - Virtual size: 16KB

.text
Size: 320KB - Virtual size: 319KB

.shell
Size: 2KB - Virtual size: 2KB

.rdata
Size: 56KB - Virtual size: 55KB

.data
Size: 9KB - Virtual size: 121KB

.rsrc
Size: 348KB - Virtual size: 347KB

.reloc
Size: 16KB - Virtual size: 16KB