f0c1837bae45a1067ae93ea1220e8dad_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f0c1837bae45a1067ae93ea1220e8dad_JaffaCakes118
Size

181KB
MD5

f0c1837bae45a1067ae93ea1220e8dad
SHA1

c3760829bd03e02b59e9a0ee7fd21e051fc94edc
SHA256

c1fdc93c615a05bca3b4db497ed9c42bc4039103d4949c7bbc83f8d2da6fe67f
SHA512

012d3cc723ff27dcee85a6660298ede61bd8ea0d1e8042c84a57b9a4d62869b0c077bec30e11a6c66c2ec9b766ba26d1164611eb8ef34943f47a42e93b04d856
SSDEEP

3072:8Vy+ht6Vh8eZB6PwwdaXMDpUmZUt0/wWOpEO0lgCzPJjBhU:8MY6PB6raMQadNhU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f0c1837bae45a1067ae93ea1220e8dad_JaffaCakes118

Files

f0c1837bae45a1067ae93ea1220e8dad_JaffaCakes118
.exe windows:5 windows x86 arch:x86

09246f1fbaf8024cbb007be18ccc7022

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

sprintf
printf
strlen
memcpy
memset
wcscpy
wcscat
??3@YAXPAX@Z
wcslen
wcsstr
strncpy
_snprintf

ntdll

NtQueryObject
NtQuerySystemInformation
ZwTerminateProcess
NtQueryInformationThread
NtWaitForSingleObject
NtDeviceIoControlFile

kernel32

lstrlenA
LocalFree
lstrcatA
lstrcmpA
FindNextFileA
FindFirstFileA
HeapFree
HeapAlloc
GetProcAddress
LoadLibraryA
FreeLibrary
lstrcmpiA
GetPrivateProfileStringA
GetPrivateProfileSectionNamesA
CreateRemoteThread
WriteProcessMemory
VirtualAllocEx
CloseHandle
WriteFile
CreateFileA
HeapReAlloc
HeapCreate
WinExec
LocalAlloc
ExitThread
GetFileAttributesA
LoadLibraryExA
lstrcpynA
SetCurrentDirectoryA
WideCharToMultiByte
ReadFile
GetFileSize
GetProcessHeap
GetModuleFileNameA
GetSystemDirectoryA
GetVersionExA
CreateThread
GetTickCount
GetSystemInfo
TerminateThread
ExitProcess
VirtualFree
VirtualAlloc
SetUnhandledExceptionFilter
GlobalFree
CreateMutexA
SetErrorMode
lstrlenW
lstrcpyW
DeleteFileA
OutputDebugStringA
TerminateProcess
GetLastError
CreateProcessA
GetEnvironmentVariableA
ReleaseMutex
lstrcmpW
DuplicateHandle
OpenProcess
GetCurrentProcessId
IsBadReadPtr
IsBadCodePtr
GetModuleHandleA
lstrcpyA
MultiByteToWideChar
GetWindowsDirectoryA
FindClose
Sleep
CreateFileW

user32

CharLowerA
wsprintfW
wsprintfA
CharLowerW
wvsprintfA

advapi32

RegEnumKeyExA
OpenSCManagerA
CreateServiceA
OpenServiceA
StartServiceA
CloseServiceHandle
CryptAcquireContextA
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
CredEnumerateA
CredFree
RegCreateKeyExA
RegSetValueExA
GetUserNameA
RegEnumValueA
RegOpenKeyExA
RegOpenKeyA
RegQueryValueExA
RegCloseKey

shell32

SHGetFolderPathA

ole32

CoUninitialize
CoCreateInstance
CoInitialize
CoTaskMemFree

oleaut32

SysAllocString
SysFreeString

ws2_32

gethostbyname
socket
connect
recv
getsockname
htons
listen
accept
__WSAFDIsSet
select
WSAStartup
bind
inet_addr
gethostbyaddr
send
WSACleanup
closesocket

wininet

InternetReadFile
HttpEndRequestA
HttpSendRequestExA
HttpOpenRequestA
InternetCloseHandle
InternetConnectA
InternetOpenA
InternetCrackUrlA
InternetOpenUrlA
InternetGetConnectedState

iphlpapi

GetTcpTable
SetTcpEntry
GetNetworkParams
GetAdaptersInfo
GetBestInterface
SendARP

dbghelp

SymInitialize
SymGetModuleBase
SymGetSymFromAddr
SymGetModuleInfo
SymSetOptions

Sections

.data
Size: 180KB - Virtual size: 179KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

09246f1fbaf8024cbb007be18ccc7022

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

ntdll

kernel32

user32

advapi32

shell32

ole32

oleaut32

ws2_32

wininet

iphlpapi

dbghelp

Sections

.data Size: 180KB - Virtual size: 179KB

.data
Size: 180KB - Virtual size: 179KB