eb32f95d47c5252e6870d03f8d10037a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

eb32f95d47c5252e6870d03f8d10037a_JaffaCakes118
Size

198KB
MD5

eb32f95d47c5252e6870d03f8d10037a
SHA1

b23609977b2d0a4b33bdfb6bba49b5596330a2ff
SHA256

086f7a93047bc4e9e472993a95ad973025dea37cd1b1bbc2c67789c754fe5fb4
SHA512

5e4f81f0a5cb4e0a988afa49c42f327b7ad736be6977c06e022560417a83e1ea0256c18959df4baaed6691d190878529bd7e0e4b70f8bbc49978522b2760d74f
SSDEEP

6144:o3Cc1f57YdwvQMsZr3BgEAJfumNeBV8kkfv:eCM5BQXDBgEAJfumNeqfv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
eb32f95d47c5252e6870d03f8d10037a_JaffaCakes118

Files

eb32f95d47c5252e6870d03f8d10037a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

328818cd01c6ca74a91bb53d72a0c7ae

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

CryptDestroyHash
RegOpenKeyExA
RegEnumValueA
RegQueryValueExA
CryptCreateHash
CryptDestroyKey
RegDeleteValueA
CryptGetHashParam
CryptHashData
RegCreateKeyExA
GetUserNameA
RegSetValueExA
CryptImportKey
CryptEncrypt
CryptReleaseContext
RegEnumKeyExA
RegCloseKey

gdi32

CreateDIBitmap

iphlpapi

GetBestInterface
GetAdaptersInfo
SendARP

ole32

StgOpenStorage
StgCreateDocfile
CoTaskMemFree
CreateItemMoniker
BindMoniker
CoUninitialize
CoCreateInstance
StringFromGUID2
CoTaskMemAlloc
StgIsStorageFile
GetRunningObjectTable
CreateBindCtx
CoInitialize

shell32

SHGetSpecialFolderPathW
SHGetSpecialFolderPathA

kernel32

CreateFileA
IsBadWritePtr
_llseek
CreateFiberEx
GlobalMemoryStatus
IsBadReadPtr
WaitForSingleObject
GetLocaleInfoA
GetModuleHandleA
DefineDosDeviceA
DeleteCriticalSection
GetTempPathA
GetLocalTime
GetThreadPriority
GetSystemInfo
GetACP
GetDevicePowerState
GetWindowsDirectoryA
CreateEventA
DeviceIoControl
WaitForMultipleObjects
QueryPerformanceCounter
ReadFile
GetCurrentThreadId
CreateDirectoryA
InterlockedDecrement
GetSystemTime
OutputDebugStringA
FlushInstructionCache
VirtualQuery
EnumResourceNamesW
LocalAlloc
GetDiskFreeSpaceA
GetComputerNameA
GetSystemDirectoryA
LocalFree
WriteFile
ResetEvent
CreateProcessA
CreateSemaphoreA
QueryDosDeviceA
GetVersion
VirtualFree
InterlockedExchange
VirtualAlloc
GetPrivateProfileStringA
GetCurrentProcessId
SetThreadPriority
LeaveCriticalSection
GetLastError
SetLastError
Sleep
LoadLibraryA
LoadLibraryExA
FlushFileBuffers
CreateMutexA
FreeLibrary
GetVersionExA
GetFileAttributesA
GetCurrentThread
CreateThread
EnterCriticalSection
GetModuleFileNameA
InitializeCriticalSection
SetEvent
InterlockedIncrement
DeleteFileA
CompareStringA
GetTickCount
CloseHandle
lstrlenA
ReleaseMutex

user32

ShowWindow
GetDC
DispatchMessageA
RegisterWindowMessageA
ReleaseDC
PostThreadMessageA
GetQueueStatus
CreateDialogParamA
PeekMessageA
DestroyWindow
wsprintfA
MsgWaitForMultipleObjects
GetDesktopWindow
RealGetWindowClassA
wvsprintfA

winmm

timeGetTime
timeSetEvent

wininet

InternetReadFile
InternetCloseHandle
InternetOpenUrlA
InternetOpenA

setupapi

SetupDiGetDeviceRegistryPropertyW
CMP_WaitNoPendingInstallEvents
CM_Get_DevNode_Status

Sections

.text
Size: 168KB - Virtual size: 168KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 352KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

328818cd01c6ca74a91bb53d72a0c7ae

Headers

File Characteristics

Imports

advapi32

gdi32

iphlpapi

ole32

shell32

kernel32

user32

winmm

wininet

setupapi

Sections

.text Size: 168KB - Virtual size: 168KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 24KB - Virtual size: 24KB

.tls Size: 512B - Virtual size: 352KB

.text
Size: 168KB - Virtual size: 168KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 24KB - Virtual size: 24KB

.tls
Size: 512B - Virtual size: 352KB